Rename tool pages to lowercase/underscore CLI names

- 26 tool pages renamed: Hfind→hfind, Icat→icat, Blkcalc→blkcalc, etc.
- Underscore names: img_cat, img_stat, disk_stat, disk_sreset,
  tsk_comparedir, tsk_gettimes, tsk_loaddb, tsk_recover
- Each renamed page includes redirect_from for old capitalised URL
  so existing links and bookmarks continue to work
- 404.html REDIRECT_MAP updated to point to new lowercase slugs
- index.md Tools section now shows lowercase tool names
- convert.py updated with TITLE_OVERRIDES dict for future re-runs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: bcarrier

.gitignore

@@ -16,3 +16,6 @@ _site/
 # counterproductive to check this file into the repository.
 # Details at https://github.com/github/pages-gem/issues/768
 Gemfile.lock
+
+.DS_Store
+.github/.DS_Store

404.html

@@ -119,18 +119,19 @@ <h1 class="page-title mb-4">Page Not Found</h1>
   // Covers all #REDIRECT pages from the original export.
   // ---------------------------------------------------------------------------
   var REDIRECT_MAP = {
+    // --- #REDIRECT pages from the original wiki ---
     'autopsy 3':                      'Autopsy',
     'autopsy 3 data flow':            'Autopsy-3-Nodes-and-Data-Flow',
     'autopsy forensic browser':       'Autopsy',
     'books on tsk':                   'Books-and-Courses',
     'books and courses on tsk':       'Books-and-Courses',
     'data units':                     'Data-unit',
-    'dcalc':                          'Blkcalc',
-    'dcat':                           'Blkcat',
+    'dcalc':                          'blkcalc',
+    'dcat':                           'blkcat',
     "developer's guide":              'TSK-Developers-Guide',
-    'dls':                            'Blkls',
+    'dls':                            'blkls',
     'documents on using tsk':         'Books-and-Courses',
-    'dstat':                          'Blkstat',
+    'dstat':                          'blkstat',
     'ext2/3':                         'ExtX',
     'fragments':                      'Fragment',
     "library user's guide":           'TSK-Library-Users-Guide',
@@ -142,7 +143,37 @@ <h1 class="page-title mb-4">Page Not Found</h1>
     'sectors':                        'Sector',
     'tsk':                            'The-Sleuth-Kit',
     'timeline':                       'Timelines',
-    'tools using tsk':                'Tools-Using-TSK-or-Autopsy'
+    'tools using tsk':                'Tools-Using-TSK-or-Autopsy',
+    // --- Renamed tool pages (old capitalised slug → new lowercase slug) ---
+    // Handles ?title=Blkcalc, /wiki/Blkcalc, etc. where titleToSlug fallback
+    // would produce the wrong capitalised URL.
+    'blkcalc':                        'blkcalc',
+    'blkcat':                         'blkcat',
+    'blkls':                          'blkls',
+    'blkstat':                        'blkstat',
+    'ffind':                          'ffind',
+    'fls':                            'fls',
+    'fsstat':                         'fsstat',
+    'hfind':                          'hfind',
+    'icat':                           'icat',
+    'ifind':                          'ifind',
+    'ils':                            'ils',
+    'istat':                          'istat',
+    'jcat':                           'jcat',
+    'jls':                            'jls',
+    'mac-robber':                     'mac-robber',
+    'mactime':                        'mactime',
+    'sigfind':                        'sigfind',
+    'sorter':                         'sorter',
+    // --- Tools with underscores (old ?title=Disk_stat → "disk stat" after _ replace) ---
+    'disk sreset':                    'disk_sreset',
+    'disk stat':                      'disk_stat',
+    'img cat':                        'img_cat',
+    'img stat':                       'img_stat',
+    'tsk comparedir':                 'tsk_comparedir',
+    'tsk gettimes':                   'tsk_gettimes',
+    'tsk loaddb':                     'tsk_loaddb',
+    'tsk recover':                    'tsk_recover'
   };
 
   // ---------------------------------------------------------------------------

Body-file.md

@@ -11,7 +11,7 @@ redirect_from:
 last_modified: 2009-04-27
 ---
 
-The body file is an intermediate file when creating a [timeline](/Timeline/) of file activity.  It is a pipe ("|") delimited text file that contains one line for each file (or other even type, such as a log or registry key). The [fls](/Fls/), [ils](/Ils/), and [mac-robber](/Mac-robber/) tools all output this data format.   The [mactime](/Mactime/) tool reads this file and sorts the contents (therefore the format is sometimes referred to as the "mactime format"). 
+The body file is an intermediate file when creating a [timeline](/Timeline/) of file activity.  It is a pipe ("|") delimited text file that contains one line for each file (or other even type, such as a log or registry key). The [fls](/fls/), [ils](/ils/), and [mac-robber](/mac-robber/) tools all output this data format.   The [mactime](/mactime/) tool reads this file and sorts the contents (therefore the format is sometimes referred to as the "mactime format"). 
 
 The body file format in TSK 3.0+ is different from the format used in TSK 1.X and 2.X. 
 

FAT-Implementation-Notes.md

@@ -41,9 +41,9 @@ non-"data area" sectors.
 
 This problem was solved by making the sector as the addressable
 unit, instead of the cluster.  When a file is described (using
-[istat](/Istat/) for example), the sector addresses are given.   In the
-output of [fsstat](/Fsstat/), the File Allocation Table contents are displayed
-in sectors and when using [blkls](/Blkls/) -l, the sector status is given.
+[istat](/istat/) for example), the sector addresses are given.   In the
+output of [fsstat](/fsstat/), the File Allocation Table contents are displayed
+in sectors and when using [blkls](/blkls/) -l, the sector status is given.
 
 This actually makes manual data recovery easier because one can
 use 'dd' to carve out data using the sector addresses.  If clusters
@@ -55,7 +55,7 @@ FAT describes its files in a directory entry structure, which is
 contained in the sectors allocated by the parent directory.  The
 directory entry structures have a fixed size of 32-bytes, not
 addressed, and can exist anywhere in the partition.  The Sleuth
-Kit needs some form of [Metadata Address](/Metadata-Address/) for each file, 
+Kit needs some form of [Metadata Address](/Metadata-address/) for each file, 
 so this became a problem.  Also, the root directory does not have
 a directory entry.  In other words, there is no descriptive
 information for the root directory.
@@ -85,10 +85,10 @@ If the tool displays the time in a nice ASCII format, the same
 timezone will be used to translate the offset value into a date.
 Therefore, you can use any timezone value and the time will not
 change (just the timezone name). On the other hand, if you use a
-tool such as [ils](/Ils/) or [fls](/Fls/) -m, which display the time in the offset
+tool such as [ils](/ils/) or [fls](/fls/) -m, which display the time in the offset
 format, then it will have the offset of the current timezone or
 the one specified with '-z'.  Therefore, ensure that the same '-z'
-argument is used with [mactime](/Mactime/) to display the correct time in
+argument is used with [mactime](/mactime/) to display the correct time in
 the [timeline](/Timeline/).
 
 # General Notes on Time

FS-Analysis.md

@@ -27,7 +27,7 @@ education.
 The techniques used here apply to both UNIX and Windows file systems.
 
 # Timelines
-The steps from the [timeline](/Timeline/) Sleuth Kit Implementation Notes are followed and you notice some interesting activity from unallocated inodes, namely MFT Entry 5035 from image c_drive.dd.  To display the contents of this file, use [icat](/Icat/):
+The steps from the [timeline](/Timeline/) Sleuth Kit Implementation Notes are followed and you notice some interesting activity from unallocated inodes, namely MFT Entry 5035 from image c_drive.dd.  To display the contents of this file, use [icat](/icat/):
 
 ```
 # icat images/c_drive.dd 5035 | less
@@ -37,7 +37,7 @@ NOTE: To prevent your terminal from getting messed up, pipe all
 output of "icat" through a pager like "less".
 
 # Search
-In this scenario, we will search the unallocated space of the "wd0e.dd" image for the string "abcdefg".  The first step is to extract the unallocated disk units using the [blkls](/Blkls/) tool (as this is an FFS image, the addressable units are fragments).
+In this scenario, we will search the unallocated space of the "wd0e.dd" image for the string "abcdefg".  The first step is to extract the unallocated disk units using the [blkls](/blkls/) tool (as this is an FFS image, the addressable units are fragments).
 
 ```
 # blkls images/wd0e.dd > output/wd0e.blkls
@@ -57,7 +57,7 @@ Use the UNIX grep(1) utility to search the strings file.
 ```
 
 We notice that the string is located at byte 10389739.  Next,
-determine what fragment.  To do this, we use the [fsstat](/Fsstat/) tool:
+determine what fragment.  To do this, we use the [fsstat](/fsstat/) tool:
 
 ```
 # fsstat -t ufs images/wd0e.dd
@@ -72,7 +72,7 @@ determine what fragment.  To do this, we use the [fsstat](/Fsstat/) tool:
 This shows us that each fragment is 1024 bytes long.  Using a
 calculator, we find that byte 10389739 divided by 1024 is 10146
 (and change).  This means that the string "abcdefg" is located in
-fragment 10146 of the [blkls](/Blkls/) generated file.  This does not really
+fragment 10146 of the [blkls](/blkls/) generated file.  This does not really
 help us because the blkls image is not a real file system.  To view
 the full fragment from the blkls image, we can use dd:
 
@@ -81,7 +81,7 @@ the full fragment from the blkls image, we can use dd:
 ```
 
 Next, we will identify where this fragment is in the original image.
-The [blkcalc](/Blkcalc/) tool will be used for this.  "blkcalc" will return the
+The [blkcalc](/blkcalc/) tool will be used for this.  "blkcalc" will return the
 "address" in the original image when given the "address" in the
 blkls generated image.  (NOTE, this is currently kind of slow).  The
 '-u' flag shows that we are giving it an blkls address.  If the '-d'
@@ -102,15 +102,15 @@ the contents of this fragment, we can use "blkcat".
 
 To make more sense of this, let us identify if there is a meta data
 structure that still has a pointer to this fragment.  This is achieved
-using [ifind](/Ifind/).  The '-a' argument means to find all occurrences.
+using [ifind](/ifind/).  The '-a' argument means to find all occurrences.
 
 ```
 # ifind -a images/wd0e.dd 59382
   493
 ```
 
 Inode 493 has a pointer to fragment 59382.  Let us get more information
-about inode 493, using [istat](/Istat/).
+about inode 493, using [istat](/istat/).
 
 ```
 # istat images/wd0e.dd 493
@@ -128,7 +128,7 @@ about inode 493, using [istat](/Istat/).
 ```
 
 Next, let us find out if there is a file that is still associated with
-this (unallocated) inode.  This is done using [ffind](/Ffind/).
+this (unallocated) inode.  This is done using [ffind](/ffind/).
 
 ```
 # ffind -a images/wd0e.dd 493
@@ -151,7 +151,7 @@ As previously mentioned, Autopsy will do all of this for you when
 you do a keyword search of unallocated space.
 
 # Deleted Content
-To view all of the deleted file names in an image, use the [fls](/Fls/) tool.
+To view all of the deleted file names in an image, use the [fls](/fls/) tool.
 For all deleted files, use the '-r' flag for recursive and '-d' flag
 for deleted.