// arsenal·Forensics & REIntermediateFOSS

binwalk

Firmware analysis tool — identifies and extracts embedded files.

Forensics & RE

$ binwalk --help

binwalk

// what it is

Description

ReFirm Labs' tool for picking apart firmware images. Identifies and extracts embedded archives (gzip, zip, tar, JFFS2, SquashFS) and executables. The first step in any router/IoT firmware analysis.

// use cases

What people use it for

Firmware extraction
Embedded file recovery
Identifying file types in unknown binaries

// commands

The commands you'll type

Identify embedded files

$ binwalk firmware.bin

Extract everything

$ binwalk -e firmware.bin

// facts

category: Forensics & RE
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate

// links

// related in Forensics & RE

Forensics & REAdvanced

Volatility

Open-source memory-forensics framework — reads RAM images and reconstructs system state.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REIntermediate

Autopsy

Open-source digital-forensics GUI on top of The Sleuth Kit.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REBeginner

FTK Imager

Exterro's free disk-imaging utility — the de facto standard for forensic disk capture.

Freemium

WIN·MAC

open entry →