Strings

From ForensicsWiki
Revision as of 21:01, 18 May 2007 by Jessek (Talk | contribs)

Jump to: navigation, search

Strings is a program that prints out any ASCII or Unicode strings in the input file. Forensic examiners can use strings to get a sense of the functionality of an unknown program. User prompts, error messages, and status messages can give hints, but should not be used as proof or lack or any functionality.

Most Linux and UNIX distributions have a strings program included. For Windows there is a SysInternals version of strings by Mark Russinovich. The most recent release was SysInternals strings version 2.30 on 1 Nov 2006. Note that the Windows version searches for both ASCII and Unicode strings by default.

External Links