LESSON 8 DIGITAL FORENSICS part V
2010-09-30 23:45
8.2.3.2 grep
grep is an immensely powerful tool. It prints the lines of a file that match a pattern, which makes
it quick to find which files in a directory or on a whole file system contain a given string: with
-r it descends a directory tree, and with -l it prints only the names of the files that match. The
pattern can be a regular expression, so you can specify criteria that a line must satisfy rather
than a literal string. For example, to find all words in the dictionary that start with “s” and
finish with “t” (handy when doing a crossword):

grep '^s.*t$' /usr/share/dict/words

The pattern is single-quoted so that the shell hands “^”, “*” and “$” to grep unchanged instead of
treating them as a glob or a variable reference. Remember that “.” matches any character, so a
literal string that contains dots (an IP address, a file name) is better searched with -F, which
switches regular-expression matching off.
Exercises:
1. Read the manual page for grep.
2. Look up regular expressions for grep on the Internet. Try to construct a regular expression
that looks for all words that are four letters long and contain an “a”.
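The points above, as an added example that is not part of the original lesson: the anchored pattern run over a small word list constructed here in place of /usr/share/dict/words, the difference between a regular expression and a fixed string when the thing being searched for contains dots, and grep -rl to find which files in a directory tree contain a string. The word list, the log lines and the file contents are all made up for the example.

```sh
#!/bin/sh
# Added example, not from the original lesson. All input data below is
# constructed inline so the script runs offline.

# A small word list standing in for /usr/share/dict/words.
WORDS='salt
sat
stout
toast
street
Sanskrit
s t'

# Words that start with "s" and end with "t", as in the lesson's example.
# The pattern is single-quoted so the shell hands ^ * $ to grep unchanged.
# "." matches any character, so the line "s t" (with a space) matches too.
s_to_t_words() {
    printf '%s\n' "$WORDS" | grep '^s.*t$'
}

# The same search, case-insensitively: now "Sanskrit" matches as well.
s_to_t_words_any_case() {
    printf '%s\n' "$WORDS" | grep -i '^s.*t$'
}

# Constructed log lines: the second is a deliberate near-miss, the third a
# longer address that contains the wanted one as a prefix.
LOG='connect from 10.0.0.1
connect from 10x0y0z1
connect from 10.0.0.10'

# As a regular expression "." matches any character, so all three lines match.
count_ip_regex() {
    printf '%s\n' "$LOG" | grep -c '10.0.0.1'
}

# -F treats the pattern as a literal string and -w requires it to be a whole
# word, so only the exact address on the first line matches.
count_ip_fixed_word() {
    printf '%s\n' "$LOG" | grep -cFw '10.0.0.1'
}

# Which files under a directory contain a literal string: -r recurses,
# -l prints file names only, -F keeps the string literal. The tree is
# created in a temporary directory and removed afterwards; the names are
# printed relative to that directory.
files_containing_demo() {
    d=$(mktemp -d)
    printf 'nothing of interest here\n' > "$d/a.txt"
    printf 'token=abc123\n' > "$d/b.txt"
    mkdir "$d/sub"
    printf 'seen token=abc123 again\n' > "$d/sub/c.log"
    grep -rlF -- 'abc123' "$d" | sed "s|^$d/||" | sort
    rm -rf "$d"
}

s_to_t_words
s_to_t_words_any_case
count_ip_regex
count_ip_fixed_word
files_containing_demo
```

Run as is it prints the five matching words, six with -i, the counts 3 and 1, and then b.txt and sub/c.log. The difference between the two counts is the one to remember when searching evidence for addresses, hashes or paths: use -F (and usually -w) unless you really mean a regular expression.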
8.2.3.3 strings
strings is another useful utility. It reads a file of any type and prints the runs of printable
characters it contains (by default runs of at least four characters; -n changes the minimum). Run on
a binary, an image or an office document, this often reveals the application that created it, author
names, the original creation time, embedded paths and similar metadata. It only finds text stored as
single-byte characters; GNU strings needs “-e l” to pick up the UTF-16 strings that are common in
Windows binaries and documents.
Exercise:
1. Read the manual page for strings.
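As an added example (not from the original lesson), the following constructs a small fake binary with two readable fields buried between NUL and control bytes and prints the printable runs it contains. It uses strings(1) when it is installed and otherwise a tr/grep pipeline that applies the same rule, which also shows what strings actually does: it keeps every run of at least N printable ASCII bytes and discards everything else. The header bytes and metadata fields in the sample are made up.

```sh
#!/bin/sh
# Added example, not from the original lesson. The "binary" is constructed
# inline; its header bytes and metadata fields are made up.

# Writes a sample file and prints its path. Readable fields sit between
# NUL bytes, control bytes (\001 \002) and a non-ASCII byte (\377).
make_sample_binary() {
    f=$(mktemp)
    printf 'PK\003\004\000\000Author: J. Doe\000\001\002Creator: ImgTool 2.1\000\000ab\000x\377y' > "$f"
    printf '%s\n' "$f"
}

# Print every run of at least $2 printable ASCII characters in file $1.
# strings -n does exactly this; the fallback turns every non-printable
# byte into a newline and keeps the lines that are long enough.
printable_runs() {
    if command -v strings >/dev/null 2>&1; then
        strings -n "$2" "$1"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -E "^.{$2,}\$"
    fi
}

# Minimum length 4 (the strings default): "PK", "ab", "x" and "y" are
# dropped, the two metadata fields survive.
strings_demo() {
    f=$(make_sample_binary)
    printable_runs "$f" 4
    rm -f "$f"
}

strings_demo
```

The two lines printed are the author and creator fields; everything shorter than four printable bytes is silently lost, which is why lowering -n is sometimes worth a noisier listing when hunting for short tokens.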
8.2.3.4 awk
awk is a small programming language designed for processing text a line at a time: each line is
split into whitespace-separated fields ($1, $2, ... with $NF the last one) that the program can print,
compare or count. In forensic work it is mostly used to pull one or two fields out of the output of
one command and feed them into another. For example, to take just the program names from the
default ps listing (columns PID, TTY, TIME and CMD, so the name is the fourth field), you would use
the following:

ps | awk '{print $4}'

The header line is passed through as well, so the first line printed is “CMD”; putting the condition
NR > 1 in front of the action skips it.
Exercise:
1. Read the manual page for awk.
8.2.3.5 The Pipe “|”
All of the above tools are easily combined using the UNIX “pipe”, written with the “|” symbol. It
takes the output of one command and feeds it to the input of the next, so each stage filters or
reshapes what the previous one produced. To find all files in the current directory that are mpg
files, use the following:

ls | grep mpg

grep matches anywhere in the line, so this also lists names such as “mpg-notes.txt” or
“clip.mpg.bak”; anchoring the pattern to the end of the name with “\.mpg$” restricts it to files that
actually end in “.mpg”, and ls -a is needed if hidden (dot) files should be included.
Exercises:
1. Using the pipe, the ls command and grep, find all files in the current directory that were
created this month. (The date ls -l shows is the last modification time; most UNIX file systems keep
no creation time at all, so that is what you can actually filter on.)
2. Using the ps command and awk, print a list of all the running process names.
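The awk and pipe sections above, as one added example that is not part of the original lesson: a constructed “ps aux” style snapshot (eleven columns, the last of which can contain spaces) is piped through awk to list process names, count processes per user and rebuild the full command line of one user's processes. The users, PIDs and paths in the snapshot are made up.

```sh
#!/bin/sh
# Added example, not from the original lesson. The snapshot below is
# constructed in the layout of `ps aux` (USER PID %CPU %MEM VSZ RSS TTY
# STAT START TIME COMMAND); awk splits on runs of whitespace, so the
# padding real ps emits makes no difference.
PS_SNAPSHOT='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 16928 9944 ? Ss 09:00 0:01 /sbin/init
root 412 0.0 0.2 72304 6120 ? Ss 09:00 0:00 /usr/sbin/sshd -D
alice 1337 1.2 0.5 512000 40120 pts/0 S 09:05 0:02 python3 /home/alice/sync.py --daemon
www-data 2001 0.3 0.1 98000 8800 ? S 09:06 0:00 nginx: worker process
alice 2099 0.0 0.0 6200 3100 pts/0 R+ 09:10 0:00 ps aux'

# Process names only: NR > 1 skips the header line, and the program name
# is the first word of the COMMAND column, which is field 11 in this layout
# (the lesson's `ps | awk '{print $4}'` uses field 4 because plain ps has
# only PID TTY TIME CMD).
process_names() {
    printf '%s\n' "$PS_SNAPSHOT" | awk 'NR > 1 { print $11 }'
}

# Processes per user: awk counts into an array keyed by $1 and prints the
# totals at the end; the pipe into sort gives a stable order.
procs_per_user() {
    printf '%s\n' "$PS_SNAPSHOT" \
        | awk 'NR > 1 { n[$1]++ } END { for (u in n) print u, n[u] }' \
        | sort
}

# PID and full command line of every process owned by $1. Because the
# command line can contain spaces, fields 11 to NF are joined back together
# instead of printing a single field.
commands_of_user() {
    printf '%s\n' "$PS_SNAPSHOT" | awk -v user="$1" '
        NR > 1 && $1 == user {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            print $2 ": " cmd
        }'
}

process_names
procs_per_user
commands_of_user alice
```

Each function is a pipeline in its own right: printf feeds the snapshot into awk, and awk's output can be fed on into sort, uniq -c or grep in the same way. When reviewing a live system, replace the printf stage with ps aux itself.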