Difference between revisions of "Strings"

From ForensicsWiki
Jump to: navigation, search
Line 5: Line 5:
== External Links ==
== External Links ==
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings&sektion=1&apropos=0&manpath=OpenBSD+Current&arch= Man Page for OpenBSD version of strings]
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings

Revision as of 00:44, 11 April 2007

Strings is a program that prints out any ASCII or Unicode strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.

Most Linux and UNIX distributions have a strings program included. For Windows there is a SysInternals version of strings by Mark Russinovich. The most recent release was SysInternals strings version 2.30 on 1 Nov 2006. Note that the Windows version searches for both ASCII and Unicode strings by default.

External Links