|forensics-colorize(1)||show differences between files using color graphics||forensics-colorize(1)|
forensics-colorize - show differences between files using color graphics
filecompare [-b size[bkmgpe]] [-Vh] FILE1 FILE2 colorize [-h|-V] [-w <num>] [-ovd] FILES
forensics-colorize is a set of tools to visually compare large files, as filesystem images, creating graphics of them. It is intuitive because the produced graphics provide a quick and perfect sense about the percentage of changes between two files.
Comparing large textual files using a simple diff can produce a very big result in lines, causing confusion. On the other hand, diff is improper to compare binary files.
forensics-colorize uses two command line programs: filecompare and colorize. The filecompare command is used to create a special and auxiliary input file for colorize. The colorize command will generate an intuitive graphic that will make easier to perceive the level of changes between the files. In other words, you can use the filecompare command to generate a graphic to be analyzed by colorize command.
OPTIONS FOR FILECOMPARE¶
OPTIONS FOR COLORIZE¶
To generate an initial graphic between 'test1' and 'test2' files to be analyzed by colorize:
To analyze the result:
$ filecompare test1 test2 > test.fc
The last command will generate the test.fc.bmp file. You can open it using a trivial image viewer, as sxiv or similar. If using default parameters for the both commands (filecompare and colorize), unchanged parts will be shown as green and changed parts will be colorized with red.
$ colorize test.fc
To get larger or smaller final graphics, use the -b option for the 'filecompare' command. As an example, the following command will produce a result greater than the default:
$ filecompare -b 64 test1 test2 > test.fc
In most cases, the default block size is the same of the logical disk sector value (now a days, 512 bytes). Try 'fdisk -l' or 'gdisk -l /dev/<disk>' to find the right value.
The forensics-colorize was written by Jesse Kornblum <email@example.com>.
This manual page was written by Joao Eriberto Mota Filho <firstname.lastname@example.org> for the Debian project (but may be used by others).
|Sep 2015||FORENSICS-COLORIZE 1.1|