[Vol-dev] Patch: strings command optimization
Jesse Kornblum
research at jessekornblum.com
Mon Sep 7 15:30:12 CDT 2009
Hi Tim,
I'm still testing your patches, but have found the following Perl
script necessary to convert my Mac's strings output into the format
needed by Volatility. I thought others might be able to make use of it:
#!/usr/bin/perl -w
while (<>)
{
$_ =~ s/^(\s*[0-9]+) /$1\:/;
print $_;
}
Usage:
$ strings -o [memoryimage] > raw
$ ./colon.pl < raw > strings.txt
$ python volatility strings -f [memoryimage] -s strings.txt
--
Jesse Kornblum
More information about the Vol-dev
mailing list