Man page - sigfind(1)
Packages contas this manual
- fcat(1)
- fsstat(1)
- icat(1)
- mmls(1)
- tsk_comparedir(1)
- blkcalc(1)
- fls(1)
- mmcat(1)
- img_cat(1)
- ils(1)
- ffind(1)
- jpeg_extract(1)
- sorter(1)
- blkls(1)
- srch_strings(1)
- ifind(1)
- usnjls(1)
- jls(1)
- tsk_recover(1)
- blkcat(1)
- tsk_loaddb(1)
- fiwalk(1)
- tsk_gettimes(1)
- mactime(1)
- blkstat(1)
- sigfind(1)
- img_stat(1)
- hfind(1)
- jcat(1)
- istat(1)
- mmstat(1)
Package: sleuthkit
apt-get install sleuthkit
apt-get install sleuthkit
Manuals in package:
Documentations in package:
Manual
| SIGFIND(1) | General Commands Manual | SIGFIND(1) |
NAME
sigfind - Find a binary signature in a file
SYNOPSIS
sigfind [-b bsize ] [-o offset ] [-t template ] [-lV] [ hex_signature ] file
DESCRIPTION
sigfind searches through a file and looks for the hex_signature at a given offset. This can be used to search for lost boot sectors, superblocks, and partition tables.
ARGUMENTS
- -b bsize
- Specify the block size in which to search. The default is 512 and the value must be a multiple of 512.
- -o offset
- Specify the offset in a block in which the signature must exist. The default is 0.
- -t template
- Specify a template name that defines the signature value and offset. Run with no options to get a list of supported templates.
- -l
- The signature is stored in little-endian ordering and must therefore be reversed.
- -V
- Display version
- [hex_signature]
- The binary signature that you are searching for. It must be given in hexadecimal format. This argument must exist if -t is not used.
- file
- Any raw data.
EXAMPLES
sigfind -o 510 -l AA55 disk.dd
sigfind -t fat disk.dd
AUTHOR
Brian Carrier <carrier at sleuthkit dot org>
Send documentation updates to <doc-updates at sleuthkit dot org>