Forums
Main Category
General (Technical,...
using strings util
 
Notifications
Clear all

using strings util

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Anonymous 18 years ago
6 Posts
5 Users
0 Reactions
720 Views
RSS
 Anonymous
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
Topic starter 13/01/2008 10:35 am  

A forensic person I'm working with just turned me on to
strings (the UNIX utility) and said that it is a good tool for finding strings in binary files.

Don't yet have any experience using it, and I'm wondering if anyone here has any good examples (or might link to some)?

For example, I'm guessing you could just grab a dd image of a hard drive with a tool like dcfldd.

Then run strings on that dd image and grep that output.

strings -t d /path/to/ddImage.dd > ASCIIoutput
strings -t d -e l /path/to/ddImage.dd > UNICODEoutput


   
Quote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
13/01/2008 5:29 pm  

Google.com


   
ReplyQuote
 Hvva
(@hvva)
Active Member
Joined: 18 years ago
Posts: 14
13/01/2008 9:47 pm  

I always check the man pages when I am learning a new command
http//unixhelp.ed.ac.uk/CGI/man-cgi?strings
(also just ´man strings´ in the terminal)

Also maybe this can help get you started
http//www.computing.net/unix/wwwboard/forum/4566.htm

I would be interested in learning what else you find. Especially common uses geared towards investigations.

~Joshua


   
ReplyQuote
 ronanmagee
(@ronanmagee)
Estimable Member
Joined: 20 years ago
Posts: 145
14/01/2008 3:28 am  

Strings is a very handy tool but can return lots of results that are unmanageable. Strings is good at identifying text in Alternative Data Streams (ADS).

Dont forget about sed and awk for extra power - check the *nix manual for syntax or try google aswell.

Ronan


   
ReplyQuote
 Buster
(@buster)
Eminent Member
Joined: 18 years ago
Posts: 28
16/01/2008 4:31 pm  

If you have not already done so I would suggest reading "The Beginner's Guide v3.21" by Barry Grundy. It can be downloaded at Linux LEO along with some test files and images. The document has a section on searching but generally provides a good intro to linux forensics.

Stu


   
ReplyQuote
 Anonymous
(@Anonymous)
Guest
Joined: 1 second ago
Posts: 0
Topic starter 16/01/2008 9:10 pm  

Ah, here we go

The Beginner's Guide v3.21

Floppy Practice Image (practical.floppy.dd)
"Able2" Ext2 Disk Image (able2.tar.gz)
Practice Log Archive (logs.v3.tar.gz)
Raw Carving Practice (image_carve.raw)
NTFS Image (ntfs_pract.dd.gz)
NTFS E01 (EWF) Image (ntfs_pract.E01)
MD5 Checksums (md5sums.txt)


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: