bgrundy / cheatsheets-forensic

Forensic cheatsheets for use with cheat


cheatsheets-forensic

This repository contains forensic cheatsheets to be used with cheat and similar applications.

How to

Installation

First, install cheat.

Once cheat is installed and configured, you can clone this repository to a suitable location. Open the cheat config file (usually ~/.config/cheat/conf.yml) and add the following to the cheatpaths section:

  - name: forensics
    path: /path/to/cheatsheets-forensic
    tags: [ forensics ]
    readonly: false

You might consider putting the cheatsheets-forensic section before the personal section so that changes you make to any of the sheets are given priority.

Usage

Cheatsheets are simple text files that can be called and displayed with the cheat command:

$ cheat mmls
# Display a device or image partition table / layout

mmls /dev/<device>
mmls <image>

# Display a device or image partition table / layout with a
# column for size

mmls <image> -B

You can get a list of all your available cheatsheets with cheat -l or search by a specific tag (forensics, sleuthkit, imaging, etc.).

$ cheat -l -t <tagname>

Format

Cheatsheets are plain-text files that begin with an optional "front matter" header in YAML format. The header may be used to assign "tags" to a sheet, and to specify the sheet's syntax (bash, python, go, etc.).

When possible, cheatsheets should conform to this format:

---
syntax: bash
tags: [ sleuthkit ]
---
# To view a device or image partition table / layout

mmls /dev/<device>
mmls <image>

# To view a device or image partition table / layout with a
#    column for size

mmls <image> -B

For more information on cheatsheets, see the original project for community cheatsheets.
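A sheet can be checked against this format before it is committed. The linter below is an added example, not part of this repository or of cheat. It assumes the header carries only the syntax and tags fields described above, with tags written in the bracketed form shown; the function names and the sample sheet are constructed for illustration.

```python
FENCE = "---"
KNOWN_KEYS = {"syntax", "tags"}  # the two header fields the README describes

# Constructed sample sheet in the recommended format.
SAMPLE = "---\nsyntax: bash\ntags: [ sleuthkit ]\n---\n# To view a partition table\n\nmmls <image>\n"


def split_front_matter(text):
    """Return (header_lines, body); header_lines is None when there is no header."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != FENCE:
        return None, text  # the header is optional
    for i, line in enumerate(lines[1:], start=1):
        if line.strip() == FENCE:
            return lines[1:i], "\n".join(lines[i + 1:])
    raise ValueError("front matter opened with '---' but never closed")


def parse_header(header_lines):
    """Parse 'key: value' lines; stricter than YAML, accepts only the form shown above."""
    meta = {}
    for raw in header_lines:
        if not raw.strip():
            continue
        key, sep, value = raw.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or key not in KNOWN_KEYS:
            raise ValueError(f"unexpected header line: {raw!r}")
        if key == "tags":
            if not (value.startswith("[") and value.endswith("]")):
                raise ValueError("tags must be written as [ tag1, tag2 ]")
            meta["tags"] = [t.strip() for t in value[1:-1].split(",") if t.strip()]
        else:
            meta["syntax"] = value
    return meta


def lint_sheet(text):
    """Return (meta, problems) for the text of one cheatsheet."""
    try:
        header, body = split_front_matter(text)
        meta = parse_header(header) if header is not None else {}
    except ValueError as exc:
        return {}, [str(exc)]
    problems = []
    if header is None:
        problems.append("no front matter: no per-sheet tags or syntax set")
    elif not meta.get("tags"):
        problems.append("no tags assigned")
    if not body.strip():
        problems.append("sheet body is empty")
    return meta, problems
```

Call lint_sheet() on the contents of each file in the repository; an empty problems list means the sheet matches the recommended layout.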

License

Cheatsheets are licensed under Creative Commons CC0 1.0. See LICENSE.txt for the full license text.
