Difference between revisions of "Strings"

From Forensics Wiki
Line 1: Line 1:
Strings is a program that prints out any ASCII strings in the input file. It is often used to gather information on unknown programs. By reading the messages displayed to the user, the examiner can often get a feel for what the program is supposed to be doing.
+
Strings is a program that prints out any [[ASCII]] or [[Unicode]] strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.
 +
 
 +
Most [[Linux]] and [[UNIX]] distributions have a strings program included. For [[Windows]] there is a [[SysInternals]] version of strings by [[Mark Russinovich]]. The most recent release was [http://www.microsoft.com/technet/sysinternals/Miscellaneous/Strings.mspx SysInternals strings version 2.30] on 1 Nov 2006. Note that the Windows version searches for both ASCII and Unicode strings by default.
 +
 
 +
== External Links ==
 +
 
 +
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings&sektion=1&apropos=0&manpath=OpenBSD+Current&arch= Man Page for OpenBSD version of strings]
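Review bot: The added opening paragraph ends with "should not be used as proof or lack or any functionality", which does not parse; it probably means "should not be taken as proof of the presence or absence of any functionality", so please reword it. In the second added paragraph, "The most recent release was ... version 2.30 on 1 Nov 2006" will go stale; consider phrasing it as "As of February 2007, the most recent release is ...". The note that the Windows version searches ASCII and Unicode by default would also be more useful if it said what the Linux and UNIX versions do by default, since the new first sentence now promises both encodings.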

Revision as of 12:10, 27 February 2007

Strings is a program that prints out any ASCII or Unicode strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be taken as proof of the presence or absence of any functionality.

Most Linux and UNIX distributions have a strings program included. For Windows there is a SysInternals version of strings by Mark Russinovich. The most recent release was SysInternals strings version 2.30 on 1 Nov 2006. Note that the Windows version searches for both ASCII and Unicode strings by default.
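
The difference between an ASCII search and a Unicode search can be seen in the following added example, which is not code from any strings implementation. It scans a constructed byte buffer for runs of printable ASCII and for the same characters encoded as UTF-16LE; the minimum run length of 4, the function names, and the sample data are assumptions made for the example.

```python
import re

MIN_LEN = 4  # assumed minimum run length for this example

# Constructed sample: binary filler around one ASCII and one UTF-16LE string.
SAMPLE = (
    b"\x00\x01\x02\x03\xde\xad\xbe\xef"
    + b"Usage: tool [options]\x00"
    + b"\x90\x90\x00"
    + "Enter password:".encode("utf-16-le")
    + b"\x00\x00\xff\xfe\x01"
)

# Runs of printable ASCII (space through tilde, plus tab).
ASCII_RUN = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_LEN)
# The same characters as UTF-16LE: each one followed by a zero byte.
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % MIN_LEN)


def ascii_strings(data):
    """Return (offset, text) for each printable ASCII run."""
    return [(m.start(), m.group().decode("ascii"))
            for m in ASCII_RUN.finditer(data)]


def utf16le_strings(data):
    """Return (offset, text) for each UTF-16LE run of printable characters."""
    return [(m.start(), m.group().decode("utf-16-le"))
            for m in UTF16LE_RUN.finditer(data)]


def all_strings(data):
    """Merge both scans, ordered by file offset and tagged with the encoding."""
    found = [(off, "ascii", s) for off, s in ascii_strings(data)]
    found += [(off, "utf-16le", s) for off, s in utf16le_strings(data)]
    return sorted(found)


if __name__ == "__main__":
    for offset, encoding, text in all_strings(SAMPLE):
        print(f"{offset:#06x}  {encoding:<8}  {text}")
```

An ASCII-only scan of this buffer reports the usage line but not the password prompt, because every character of the prompt is separated from the next by a zero byte.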

External Links