// arsenal·Forensics & REBeginnerFOSS

strings

GNU binutils tool that prints printable character sequences from a binary.

Forensics & RE

$ strings --help

strings

// what it is

Description

Ancient (1980s) but indispensable. Reads a binary and prints every run of printable ASCII (or UTF-16 with `-el`) of 4+ chars. The first move on any unknown binary.

// use cases

What people use it for

Quick triage of unknown binaries
CTF rev challenge first-pass

// commands

The commands you'll type

ASCII strings >= 6 chars

$ strings -n 6 ./binary

UTF-16 strings (Windows)

$ strings -el ./malware.exe

// facts

category: Forensics & RE
platforms: LIN · MAC
license: FOSS
difficulty: Beginner

// links

Official site

// related in Forensics & RE

Forensics & REAdvanced

Volatility

Open-source memory-forensics framework — reads RAM images and reconstructs system state.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REIntermediate

Autopsy

Open-source digital-forensics GUI on top of The Sleuth Kit.

FOSS

LIN·WIN·MAC

open entry →

Forensics & REBeginner

FTK Imager

Exterro's free disk-imaging utility — the de facto standard for forensic disk capture.

Freemium

WIN·MAC

open entry →