What command retrieves the metadata of a file such as MAC times and file size?

Study for the EC-Council Digital Forensics Essentials (DFE) Test. Enhance your skills with multiple choice questions, each with detailed hints and explanations. Get ready to ace your exam!

The command that retrieves the metadata of a file, including MAC (Modified, Accessed, and Changed) times and file size, is 'istat'. This command is particularly relevant in file systems used by certain operating systems, such as UNIX and Linux, where it allows users to view detailed information about a specific file without opening or modifying it.

When using 'istat', you can access various metadata details associated with the file in question, making it a valuable tool for digital forensics. The command reports not only the file size but also the timestamps for its last access and modification, which are crucial for forensic investigations. In such contexts, understanding the timeline of file interactions can be pivotal in analyzing behaviors, usage patterns, and potential unauthorized access.

The other options are not typically used for retrieving the same scope of metadata or do not directly relate to standard metadata extraction in most systems. For example, 'getfattr' is focused on retrieving extended attributes set on files, which may not include standard MAC times or file size. Similarly, 'finfo' and 'inode -d' may offer some file information but do not focus specifically on the comprehensive metadata details provided by 'istat'.
