From: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Date: Sat, 5 Aug 2017 13:57:57 +0200
Subject: _fix-manpages
===================================================================
---
man/hfind.1 | 44 ++++++++++++++++++++++----------------------
man/mactime.1 | 22 +++++++++++-----------
man/tsk_gettimes.1 | 2 +-
man/tsk_loaddb.1 | 4 ++--
man/tsk_recover.1 | 2 +-
5 files changed, 37 insertions(+), 37 deletions(-)
Index: sleuthkit/man/hfind.1
===================================================================
--- sleuthkit.orig/man/hfind.1
+++ sleuthkit/man/hfind.1
@@ -68,68 +68,68 @@ found in the index, the offset is record
to the entry in the original database.
The following input types are valid. For NSRL, 'nsrl-md5' and
-\'nsrl-sha1' can be used. The difference is which hash value the index is
+\(aqnsrl-sha1' can be used. The difference is which hash value the index is
sorted by. The 'md5sum' value can also be used to sort and index "home made"
databases. 'hfind' can take data in both common formats:
- MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e
+ MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e
and
- 76b1f4de1522c20b67acc132937cf82e test.txt
+ 76b1f4de1522c20b67acc132937cf82e test.txt
.SH EXAMPLES
To create an MD5 index file for NIST NSRL:
- # hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
+ # hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
To lookup a value in the NSRL:
- # hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
+ # hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
- 76b1f4de1522c20b67acc132937cf82e Hash Not Found
+ 76b1f4de1522c20b67acc132937cf82e Hash Not Found
You can even do both SHA-1 and MD5 if you want:
- # hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
+ # hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
- # hfind /usr/local/hash/nsrl/NSRLFile.txt
- 76b1f4de1522c20b67acc132937cf82e
- 80001A80B3F1B80076B297CEE8805AAA04E1B5BA
+ # hfind /usr/local/hash/nsrl/NSRLFile.txt
+ 76b1f4de1522c20b67acc132937cf82e
+ 80001A80B3F1B80076B297CEE8805AAA04E1B5BA
- 76b1f4de1522c20b67acc132937cf82e Hash Not Found
+ 76b1f4de1522c20b67acc132937cf82e Hash Not Found
- 80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
+ 80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
To make a database of critical binaries of a trusted system, use 'md5sum':
- # md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
+ # md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
- # hfind \-i md5sum system.md5
+ # hfind \-i md5sum system.md5
To look entries up, the following will work:
- # hfind system.md5 76b1f4de1522c20b67acc132937cf82e
+ # hfind system.md5 76b1f4de1522c20b67acc132937cf82e
- 76b1f4de1522c20b67acc132937cf82e Hash Not Found
+ 76b1f4de1522c20b67acc132937cf82e Hash Not Found
or
- # md5sum \-q /bin/* | hfind system.md5
+ # md5sum \-q /bin/* | hfind system.md5
- 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
+ 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
- <...>
+ <...>
or
- # md5sum \-q /bin/* > bin.md5
+ # md5sum \-q /bin/* > bin.md5
- # hfind \-f bin.md5 system.md5
+ # hfind \-f bin.md5 system.md5
- 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
+ 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
- <...>
+ <...>
.SH "SEE ALSO"
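Review bot: In the 'md5sum' example under EXAMPLES, `/usr/bin/*` appears twice and `/usr/sbin/*` never, and the patch re-adds that line with only its whitespace changed. Since the line is being touched anyway, the second `/usr/bin/*` should probably become `/usr/sbin/*` so the trusted-system database covers both halves of each bin/sbin pair. Separately, the first changed line now opens with `\(aq` but still closes with a plain `'`, unlike the `\(aq\-d\(aq` pair in the mactime.1 hunk; use one form for both ends.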
Index: sleuthkit/man/mactime.1
===================================================================
--- sleuthkit.orig/man/mactime.1
+++ sleuthkit/man/mactime.1
@@ -1,8 +1,8 @@
-.TH MACTIME 1
+.TH MACTIME 1
.SH NAME
mactime \- Create an ASCII time line of file activity
.SH SYNOPSIS
-.B mactime [-b
+.B mactime [-b
.I body
.B ] [-g
.I group file
@@ -17,7 +17,7 @@ mactime \- Create an ASCII time line of
.B mactime
creates an ASCII time line of file activity based on the body file
specified by '\-b' or from STDIN. The time line is written to STDOUT.
-The body file must be in the time machine format that is created
+The body file must be in the time machine format that is created
by 'ils \-m', 'fls \-m', or the mac-robber tool.
.SH ARGUMENTS
@@ -29,13 +29,13 @@ tools can also be used to generate the f
Specify the location of the group file. mactime will display the group
name instead of the GID if this is given.
.IP "-p password file"
-Specify the location of the passwd file. mactime will display the
-user name instead of the UID of this is given.
+Specify the location of the passwd file. mactime will display the
+user name instead of the UID of this is given.
.IP "-i day|hour index file"
-Specify the location of an index file to write to. The first argument
+Specify the location of an index file to write to. The first argument
specifies the granularity, either an hourly summary or daily. If the
-\'\-d\' flag is given, then the summary will be separated by a ',' to
-import into a spread sheet.
+\(aq\-d\(aq flag is given, then the summary will be separated by a ',' to
+import into a spread sheet.
.IP -d
Display timeline and index files in comma delimited format. This is used
to import the data into a spread sheet for presentations or graphs.
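Review bot: The re-added `-p password file` description still reads "user name instead of the UID of this is given"; "of" should be "if", as in the group-file text just above it ("instead of the GID if this is given"). Both lines are already being rewritten for whitespace, so the typo can be fixed in the same change.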
@@ -43,14 +43,14 @@ to import the data into a spread sheet f
Display header info about the session including time range, input source,
and passwd or group files.
.IP -V
-Display version to STDOUT.
+Display version to STDOUT.
.IP -m
-The month is given as a number instead of name (does not work with -y).
+The month is given as a number instead of name (does not work with \-y).
.IP -y
The date is displayed in ISO8601 format.
.IP "-z TIME_ZONE"
The timezone from where the data was collected. The name of this argument
-is system dependent (examples include EST5EDT, GMT+1). Does not work with -y.
+is system dependent (examples include EST5EDT, GMT+1). Does not work with \-y.
.IP "-z list"
List valid timezones.
.IP DATE_RANGE
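Review bot: Hyphen escaping is applied to the body text (`\-y`) but not to the `.IP` tags in the same hunk: `.IP -V`, `.IP -m`, `.IP -y` and `.IP "-z TIME_ZONE"` still use a bare `-`. If the intent is that option names are written consistently as `\-`, the tags need the same treatment, for example `.IP \-y`.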
@@ -61,7 +61,7 @@ Date can contain time, use format yyyy-m
ending date.
.SH LICENSE
-The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the
+The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the
.I cpl1.0.txt
file in the The Sleuth Kit licenses directory.
Index: sleuthkit/man/tsk_gettimes.1
===================================================================
--- sleuthkit.orig/man/tsk_gettimes.1
+++ sleuthkit/man/tsk_gettimes.1
@@ -16,7 +16,7 @@ tsk_gettimes - Collect MAC times from a
.I image [images]
.SH DESCRIPTION
.B tsk_gettimes
-examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls -m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file.
+examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls \-m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file.
The arguments are as follows:
.IP -v
Index: sleuthkit/man/tsk_loaddb.1
===================================================================
--- sleuthkit.orig/man/tsk_loaddb.1
+++ sleuthkit/man/tsk_loaddb.1
@@ -16,11 +16,11 @@ tsk_loaddb - populate a SQLite database
.B tsk_loaddb
loads disk information from
.I image
-to a SQLite database. This database can then be used by tools in other languages for analysis. By default, the database is stored in the same directory as the image with ".db" appended to the name or the database name can be specified with '-d'.
+to a SQLite database. This database can then be used by tools in other languages for analysis. By default, the database is stored in the same directory as the image with ".db" appended to the name or the database name can be specified with '\-d'.
The arguments are as follows:
.IP "-a"
-Adds image to an existing database instead of creating a new one. Requires that -d be also specified.
+Adds image to an existing database instead of creating a new one. Requires that \-d be also specified.
.IP "-d database"
Path for the database (default is the same directory as the image with name derived from image name
.IP -v
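Review bot: The `-d database` description in the trailing context opens a parenthesis that is never closed: "(default is the same directory as the image with name derived from image name". A closing ")" should be added while this paragraph is being edited. The `.IP "-a"` and `.IP "-d database"` tags also keep bare hyphens although the body text now uses `\-d`.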
Index: sleuthkit/man/tsk_recover.1
===================================================================
--- sleuthkit.orig/man/tsk_recover.1
+++ sleuthkit/man/tsk_recover.1
@@ -47,7 +47,7 @@ Sector offset for a volume to recover (r
If not given, will attempt to recover all volumes in image and save them
to different folders.
.IP "-d dir_inum"
-Directory inum to recover from (must also specify a specific partition using -o or there must not be a volume system)
+Directory inum to recover from (must also specify a specific partition using \-o or there must not be a volume system)
.IP "image [images]"
The disk or partition image to read, whose format is given with '\-i'.
Multiple image file names can be given if the image is split into multiple segments.
Index: sleuthkit/man/mmls.1
===================================================================
--- sleuthkit.orig/man/mmls.1
+++ sleuthkit/man/mmls.1
@@ -52,7 +52,7 @@ Multiple image file names can be given i
If only one image file is given, and its name is the first in a sequence (e.g., as indicated by ending in '.001'), subsequent image segments will be included automatically.
.PP
-\'mmls\' is similar to 'fdisk \-lu' in Linux with a few differences.
+\(aqmmls\(aq is similar to 'fdisk \-lu' in Linux with a few differences.
Namely, it will show which sectors are not being used so that those
can be searched for hidden data. It also gives the length value so
that it can be plugged into 'dd' more easily for extracting the
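Review bot: man/mmls.1 is changed here, and man/sorter.1 after it, but neither file appears in the diffstat at the top of the patch, which lists 5 files with 37 insertions and 37 deletions. The header should be regenerated so that it matches the hunks actually carried by the patch.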
Index: sleuthkit/man/sorter.1
===================================================================
--- sleuthkit.orig/man/sorter.1
+++ sleuthkit/man/sorter.1
@@ -78,7 +78,7 @@ have priority over the standard files.
.IP "-C config"
Specify the location of the ONLY configuration file. The standard config
files will not be loaded if this option is given. For example, in the
-\'share/sort\' directory there is a file called 'images.sort'. This file
+\(aqshare/sort\(aq directory there is a file called 'images.sort'. This file
contains only rules about graphic images. If it is specified with \-C, then
only images will be saved about the image.
.IP "-m mnt"
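Review bot: On the changed line the first quoted term becomes `\(aqshare/sort\(aq` while 'images.sort' later on the same line keeps plain `'` quotes, so one sentence now mixes two quoting forms. Only a quote at the start of an input line needs protecting, because roff treats a leading `'` as a control character; either convert every quoted term in the paragraph to `\(aq`, or keep `'` throughout and rewrap the text so that no line begins with it. The same applies to the other three hunks in this file.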
@@ -140,7 +140,7 @@ operating system. The specific one is d
flag. Each configuration file contains rules for processing the
output of the 'file' command. One type of line identifies which
category (i.e. 'images') a given 'file' output belongs to (i.e.
-\'image data\') (using regular expressions). Another rule shows the
+\(aqimage data\(aq) (using regular expressions). Another rule shows the
file extensions (i.e. .txt) that belong to a 'file' output (i.e.
ASCII(.*?)text). See the Rules section below.
@@ -180,7 +180,7 @@ as there are links to each file from the
The program will also consult the rules about the file extension.
If the file has an extension at the end of it (anything after a
-\'.\'), it will be compared to the rules. If the extension is not
+\(aq.\(aq), it will be compared to the rules. If the extension is not
found in the rules as a valid extension for the file type, it will
be added to the file of 'mismatch'. If the file does not have an
extension it will not be entered even if the file type has valid
@@ -226,7 +226,7 @@ a category, but only one category can ex
For example:
This saves all file output with 'image data' anywhere in it to the
-\'images\' category:
+\(aqimages\(aq category:
category images image data
This saves all file output that has 'ASCII' followed by anything and