weyne/kaliwiki
1
0
Fork 0
mirror of https://github.com/mubix/kaliwiki.git synced 2025-10-29 16:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
kaliwiki/tools/sigfind.md
Stefan Molls 788305a83e Added forensics section
2014-04-23 10:38:32 -05:00

735 B
Raw Blame History

sigfind

Notes

sigfind searches through a file and looks for the hex_signature at a given offset. This can be used to search for lost boot sectors, superblocks, and partition tables.

Help Text

sigfind [-b bsize] [-o offset] [-t template] [-lV] [hex_signature] file
	-b bsize: Give block size (default 512)
	-o offset: Give offset into block where signature should exist (default 0)
	-l: Signature will be little endian in image
	-V: Version
	-t template: The name of a data structure template:
		dospart, ext2, ext3, fat, hfs, hfs+, ntfs, ufs1, ufs2

Example Usage

sigfind -o 510 -l AA55 disk.dd
sigfind -t fat disk.dd

Links

[1] http://www.sleuthkit.org/sleuthkit/man/sigfind.html