cheatsheets-forensic
This repository contains forensic cheatsheets to be used with cheat and similar applications.
How to
Installation
First, install cheat.
Once cheat
is installed and configured, you can clone this
repository to a suitable location. Open the cheat
config file
(usually ~/.config/cheat/conf.yml
) and add the following to the
cheatpaths
section:
- name: forensics
path: /path/to/cheatsheets-forensic
tags: [ forensics ]
readonly: false
You might consider putting the cheatsheets-forensic
section
before the personal
section so that changes you make to any
of the sheets are given priority.
Usage
cheatsheets are simple text files that can be called and
displayed with the cheat
command:
$ cheat mmls
# Display a device or image partition table / layout
mmls /dev/<device>
mmls <image>
# Display a device or image partition table / layout with a
# column for size
mmls <image> -B
You can get a list of all your available cheatsheets with cheat -l
or search by a specific tag (forensics
, sleuthkit
, imaging
, etc.).
$ cheat -l -t <tagname>
Format
Cheatsheets are plain-text files that begin with an optional "front matter"
header in YAML format. The header may be used to assign "tags" to a sheet, and
to specify the sheet's syntax (bash
, python
, go
, etc).
When possible, cheatsheets should conform to this format:
---
syntax: bash
tags: [ sleuthkit ]
---
# To view a device or image partition table / layout
mmls /dev/<device>
mmls <image>
# To view a device or image partition table / layout with a
# column for size
mmls <image> -B
For more information on cheatsheets, see the original project for community cheatsheets.
License
Cheatsheets are licensed under Creative Commons CC0 1.0. See LICENSE.txt for the full license text.