Difference between revisions of "Strings"

From ForensicsWiki
Jump to: navigation, search
m (External Links: - Fixed link text)
Line 4: Line 4:
== External Links ==
== External Links ==
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings Man page for BSD version of strings]
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings

Revision as of 02:01, 19 May 2007

Strings is a program that prints out any ASCII or Unicode strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.

Most Linux and UNIX distributions have a strings program included. For Windows there is a SysInternals version of strings by Mark Russinovich. The most recent release was SysInternals strings version 2.30 on 1 Nov 2006. Note that the Windows version searches for both ASCII and Unicode strings by default.

External Links