How it works...

Below is a list of the main commands used and their functions:

• mmstat:extracts information about the system volume type
• mmls: extracts information about disk layout, including unallocated spaces
• fsstat: extracts information about a file system, including volume serial number, cluster size, and so on
• fls: extracts information about both allocated and deleted file names in a directory
• mactime: creates a timeline of file activity based on a body file created with fls