Man page - sigfind(1)
Packages contains this manual
- ifind(1)
- fls(1)
- mmls(1)
- blkstat(1)
- blkls(1)
- hfind(1)
- mmstat(1)
- jpeg_extract(1)
- jls(1)
- fsstat(1)
- ffind(1)
- tsk_gettimes(1)
- tsk_comparedir(1)
- sorter(1)
- tsk_recover(1)
- istat(1)
- img_cat(1)
- jcat(1)
- img_stat(1)
- blkcalc(1)
- fiwalk(1)
- srch_strings(1)
- icat(1)
- blkcat(1)
- ils(1)
- mactime(1)
- sigfind(1)
- mmcat(1)
- fcat(1)
- tsk_loaddb(1)
- usnjls(1)
apt-get install sleuthkit
Manual
SIGFIND
NAMESYNOPSIS
DESCRIPTION
ARGUMENTS
EXAMPLES
AUTHOR
NAME
sigfind - Find a binary signature in a file
SYNOPSIS
sigfind [-b bsize ] [-o offset ] [-t template ] [-lV] [ hex_signature ] file
DESCRIPTION
sigfind searches through a file and looks for the hex_signature at a given offset. This can be used to search for lost boot sectors, superblocks, and partition tables.
ARGUMENTS
-b bsize
Specify the block size in which to search. The default is 512 and the value must be a multiple of 512.
-o offset
Specify the offset in a block in which the signature must exist. The default is 0.
-t template
Specify a template name that defines the signature value and offset. Run with no options to get a list of supported templates.
|
-l |
The signature is stored in little-endian ordering and must therefore be reversed. |
||
|
-V |
Display version |
[hex_signature]
The binary signature that you are searching for. It must be given in hexadecimal format. This argument must exist if -t is not used.
|
file |
Any raw data. |
EXAMPLES
sigfind -o 510 -l AA55 disk.dd
sigfind -t fat disk.dd
AUTHOR
Brian Carrier <carrier at sleuthkit dot org>
Send documentation updates to <doc-updates at sleuthkit dot org>