Difference between revisions of "Strings"

From ForensicsWiki
Jump to: navigation, search
m
m
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
Strings is a program that prints out any [[ASCII]] or [[Unicode]] strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.
 
Strings is a program that prints out any [[ASCII]] or [[Unicode]] strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.
  
Most [[Linux]] and [[UNIX]] distributions have a strings program included. For [[Windows]] there is a [[SysInternals]] version of strings by [[Mark Russinovich]]. The most recent release was [http://www.microsoft.com/technet/sysinternals/Miscellaneous/Strings.mspx SysInternals strings version 2.30] on 1 Nov 2006. Note that the Windows version searches for both ASCII and Unicode strings by default.  
+
Most [[Linux]] distributions and other UNIX-like operating systems have a strings program included. There is a [[Windows]] version of strings by [[Microsoft|Microsoft's]] [[Mark Russinovich]]. Note that the Windows version prints an output header and searches for both ASCII and Unicode strings by default.  
  
 
== External Links ==
 
== External Links ==
 
+
* [http://www.microsoft.com/technet/sysinternals/Miscellaneous/Strings.mspx Strings for Windows]
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings
+
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings Manual page for BSD version of strings]

Latest revision as of 14:50, 15 January 2008

Strings is a program that prints out any ASCII or Unicode strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.

Most Linux distributions and other UNIX-like operating systems have a strings program included. There is a Windows version of strings by Microsoft's Mark Russinovich. Note that the Windows version prints an output header and searches for both ASCII and Unicode strings by default.

External Links