Difference between revisions of "Strings"

From ForensicsWiki
Jump to: navigation, search
m (Reverted edits by AknV5e (Talk); changed back to last version by Jessek)
m
 
Line 5: Line 5:
 
== External Links ==
 
== External Links ==
 
* [http://www.microsoft.com/technet/sysinternals/Miscellaneous/Strings.mspx Strings for Windows]
 
* [http://www.microsoft.com/technet/sysinternals/Miscellaneous/Strings.mspx Strings for Windows]
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings Man page for BSD version of strings]
+
* [http://www.openbsd.org/cgi-bin/man.cgi?query=strings Manual page for BSD version of strings]

Latest revision as of 13:50, 15 January 2008

Strings is a program that prints out any ASCII or Unicode strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.

Most Linux distributions and other UNIX-like operating systems have a strings program included. There is a Windows version of strings by Microsoft's Mark Russinovich. Note that the Windows version prints an output header and searches for both ASCII and Unicode strings by default.

External Links