A quick reference page for info on my srch_strings_wrap script:
- Code – https://github.com/superponible/Search-Strings-Extension
- Overview – http://blog.superponible.com/2011/11/17/srch_strings_wrap-forensics-tool/
- Examples – http://blog.superponible.com/2011/11/17/srch_strings_wrap-history-and-examples/
- srch_strings_wrap will replace srch_strings in the SANS SIFT Workstation
Hi,
I’m a forensic investigator from Szczecin in Poland. I’m trying to use your script with the -G option. The expression used in “-G file” was checked in the grep tester on the “http://www.online-utility.org/text/grep.jsp” website, but the results of your script contain nothing. Is there any special syntax for the -g or -G option in srch_strings_wrap?
There is my expression: (ANEKS\s+nr\s+2)|(wk.+\s+wsp.+wnika)|(z\s+dnia\s+[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{2,4}).
I ask for an urgent reply.
Best regards
Robert Niedzielski
I’ve changed the expression:
\(ANEKS[[:space:]]\+nr\s[[:space:]]\+2\)\|\(wk.d[[:space:]]\+wsp.\+wnika\)\|\(z[[:space:]]\+dnia[[:space:]]\+[0-9]\{1,2\}\.[0-9]\{1,2\}\.[0-9]\{2,4\}\)
Does this mean that the script uses only the basic syntax of grep regular expressions?
Robert
If you’re using -g, you can enter the regex on the command line. If you’re using “-G file”, the regex should be on a line in that file.
The script is basically just passing whatever you give it on to grep, so whatever grep supports, the script should support.
For example, if you do “-g ab.*d”, it will apply “grep ab.*d” to the output.
Hope that helps.
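The exchange above comes down to basic (BRE) versus extended (ERE) grep syntax: in BRE, `+`, `|`, `(` `)` and `{ }` are literal characters unless escaped with a backslash, which is why the first expression matched nothing and the escaped rewrite worked. The following is an added example, not code from srch_strings_wrap or its author; it assumes GNU grep (the `\+` and `\|` escapes in BRE are GNU extensions, as is `\s`) and uses constructed, ASCII-only sample lines in the "offset string" shape that strings-style tools print, so that it runs the same regardless of locale.

```shell
#!/bin/sh
# Constructed sample output lines (not real evidence): "offset string".
SAMPLE='1024 ANEKS nr 2 do umowy
2048 wklad wspolpracownika
4096 z dnia 17.11.2011
8192 unrelated text'

# The expression as first written: this is extended (ERE) syntax.
# [[:space:]] is used instead of the GNU-only \s so it is portable.
ERE_PATTERN='(ANEKS[[:space:]]+nr[[:space:]]+2)|(wk.+[[:space:]]+wsp.+wnika)|(z[[:space:]]+dnia[[:space:]]+[0-9]{1,2}\.[0-9]{1,2}\.[0-9]{2,4})'

# The same expression rewritten for basic (BRE) syntax, which is what a
# plain "grep PATTERN" invocation (no -E) understands.
BRE_PATTERN='\(ANEKS[[:space:]]\+nr[[:space:]]\+2\)\|\(wk.\+[[:space:]]\+wsp.\+wnika\)\|\(z[[:space:]]\+dnia[[:space:]]\+[0-9]\{1,2\}\.[0-9]\{1,2\}\.[0-9]\{2,4\}\)'

# Count matching sample lines with plain grep (BRE). "|| true" keeps the
# count of 0 from turning into a non-zero exit status under "set -e".
count_bre() {
    printf '%s\n' "$SAMPLE" | grep -c -- "$1" || true
}

# Count matching sample lines with grep -E (ERE).
count_ere() {
    printf '%s\n' "$SAMPLE" | grep -c -E -- "$1" || true
}

# Demonstration: each pattern only matches under the syntax it was written for.
echo "ERE pattern with plain grep:   $(count_bre "$ERE_PATTERN") lines"
echo "ERE pattern with grep -E:      $(count_ere "$ERE_PATTERN") lines"
echo "BRE pattern with plain grep:   $(count_bre "$BRE_PATTERN") lines"
echo "BRE pattern with grep -E:      $(count_ere "$BRE_PATTERN") lines"
```

Running it shows three matching lines when the syntax and the grep mode agree and zero when they do not, which is the behaviour seen in the comments: a tool that hands the pattern to plain grep needs the BRE form, or a pattern written in the syntax grep is actually invoked with.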