Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sigfind(1) [debian man page]

SIGFIND(1)						      General Commands Manual							SIGFIND(1)

NAME

       sigfind - Find a binary signature in a file

SYNOPSIS

       sigfind [-b bsize ] [-o offset ] [-t template ] [-lV] [ hex_signature ] file

DESCRIPTION

       sigfind	searches  through  a  file  and  looks for the hex_signature at a given offset.  This can be used to search for lost boot sectors,
       superblocks, and partition tables.

ARGUMENTS

       -b bsize
	      Specify the block size in which to search.  The default is 512 and the value must be a multiple of 512.

       -o offset
	      Specify the offset in a block in which the signature must exist.	The default is 0.

       -t template
	      Specify a template name that defines the signature value and offset.  Run with no options to get a list of supported templates.

       -l     The signature is stored in little-endian ordering and must therefore be reversed.

       -V     Display version

       [hex_signature]
	      The binary signature that you are searching for.	It must be given in hexadecimal format.  This argument must exist  if  -t  is  not
	      used.

       file   Any raw data.

EXAMPLES

       sigfind -o 510 -l AA55 disk.dd

       sigfind -t fat disk.dd

AUTHOR

       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

																	SIGFIND(1)

Check Out this Related Man Page

MMCAT(1)						      General Commands Manual							  MMCAT(1)

NAME

       mmcat - Output the contents of a partition to stdout

SYNOPSIS

       mmcat [-t mmtype ] [-o offset ] [ -i imgtype ] [-b dev_sector_size] [-vV] image [images] part_num

DESCRIPTION

       mmcat outputs the contents of a specific volume to stdout.  This allows you to extract the contents of a partition to a separate file.

ARGUMENTS

       -t mmtype
	      Specify the media management type.  Use '-t list' to list the supported types. If not given, autodetection methods are used.

       -o offset
	      Specify  the  offset  into  the image where the volume containing the partition system starts.  The relative offset of the partition
	      system will be added to this value.

       -b dev_sector_size
	      The size, in bytes, of the underlying device sectors.  If not given, the value in the  image  format  is	used  (if  it  exists)	or
	      512-bytes is assumed.

       -i imgtype
	      Identify the type of image file, such as raw or split.  If not given, autodetection methods are used.

       -v     Verbose output of debugging statements to stderr

       -V     Display version

       image [images]
	      One (or more if split) disk images whose format is given with '-i'.

       part_num
	      Address of partition to process.	See the mmls output to determine the address of the partitions.

AUTHOR

       Brian Carrier <carrier at sleuthkit dot org>

       Send documentation updates to <doc-updates at sleuthkit dot org>

																	  MMCAT(1)
Man Page