bstrings 1.0 released

Eric Zimmerman keeps developing amazing digital forensic tools. In the new version of his bstrings tool the following switches have been added:

ar: ASCII character range. This should be specified as a regular expression, such as [\x20-\x7E];
ur: Unicode character range. This should be specified as a regular expression, such as [\u0020-\u007E];
mask: When used with the -d switch, allows for specifying a wildcard (* and ? are supported), so you can do something like -d C:\windows\system32 –mask “*.dll”;
cp: The identifier of the codepage to use. 1252 is the default, but if you really wanted to search for IBM EBCDIC Turkish encoded strings, you can do –cp 20905 and go crazy.

strings_digital_forensics_weare4n6

You can read more about these switches here and download the tool here.

Digital Forensics

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.