Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sigfind(1) [debian man page]

SIGFIND(1)						      General Commands Manual							SIGFIND(1)

NAME

       sigfind - Find a binary signature in a file

SYNOPSIS

       sigfind [-b bsize ] [-o offset ] [-t template ] [-lV] [ hex_signature ] file

DESCRIPTION

       sigfind	searches  through  a  file  and  looks for the hex_signature at a given offset.  This can be used to search for lost boot sectors,
       superblocks, and partition tables.

ARGUMENTS

       -b bsize
	      Specify the block size in which to search.  The default is 512 and the value must be a multiple of 512.

       -o offset
	      Specify the offset in a block in which the signature must exist.	The default is 0.

       -t template
	      Specify a template name that defines the signature value and offset.  Run with no options to get a list of supported templates.

       -l     The signature is stored in little-endian ordering and must therefore be reversed.

       -V     Display version

       [hex_signature]
	      The binary signature that you are searching for.	It must be given in hexadecimal format.  This argument must exist  if  -t  is  not
	      used.

       file   Any raw data.

EXAMPLES

       sigfind -o 510 -l AA55 disk.dd

       sigfind -t fat disk.dd

AUTHOR

       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

																	SIGFIND(1)

Check Out this Related Man Page

FFIND(1)						      General Commands Manual							  FFIND(1)

NAME

       ffind - Finds the name of the file or directory using a given inode

SYNOPSIS

       ffind [-aduvV] [-f fstype] [-i imgtype] [-o imgoffset] [-b dev_sector_size] image inode

DESCRIPTION

       ffind  finds  the  names  of files or directories that are allocated to inode on disk image image.  By default it only will only return the
       first name it finds.  With some file systems, this will find deleted file names.

ARGUMENTS

       image [images]
	      One (or more if split) disk or partition images whose format is given with '-i'.

       inode  Integer of inode to find.

	      The optional arguments are:

       -a     Find all occurrences of inode.

       -d     Find deleted entries only.

       -f fstype
	      Identify the file system type of the image.  Use '-f list' to list the supported file system types.   If	not  given,  autodetection
	      methods are used.

       -u     Find undeleted entries only.

       -i imgtype
	      Identify	the  type  of  image  file, such as raw or split.  Use '-i list' to list the supported types.  If not given, autodetection
	      methods are used.

       -o imgoffset
	      The sector offset where the file system starts in the image.

       -b dev_sector_size
	      The size, in bytes, of the underlying device sectors.  If not given, the value in the  image  format  is	used  (if  it  exists)	or
	      512-bytes is assumed.

       -v     Verbose output to stderr.

       -V     Display version.

       This program searches all directory entries looking for the given inode.  This is useful when an inode has been identified from a disk unit
       address using ifind(1).

EXAMPLE

       # ffind -a image 212

SEE ALSO

       ifind(1)

AUTHOR

       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

																	  FFIND(1)
Man Page