Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

The Bottom Line

Use tools to analyze the strings of readable text found in an attacker’s tools. Executable files (EXEs, DLLs, and so forth) often contain, in addition to binary code, snippets of readable ASCII text. These strings can often provide information about the program and how it works. Several tools are available for locating and viewing these text strings. One of the most commonly used free tools is strings.exe.
Master It The program netstat.exe has been found during an examination. While there are other methods of determining its purpose and authenticity (hash analysis, for example), the investigator wishes to know what strings it contains and on which DLL files this executable may depend. ...
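As an added illustration (not code from the book), the following Python sketch shows what a strings tool does under the hood: it scans a file's raw bytes for runs of printable characters in both ASCII and UTF-16LE, then picks out the runs that look like DLL file names. The sample bytes are constructed for the example and are not a real netstat.exe; the 4-character minimum and the function names are assumptions, and a DLL-name match is only a hint at a dependency, not a parsed import table.

```python
import re

MIN_LEN = 4  # assumption: minimum run length worth reporting


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return sorted (offset, encoding, text) tuples for printable runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE text in Windows binaries: printable byte followed by 0x00.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_re.finditer(data)]
    return sorted(found)


def dll_names(strings):
    """Strings that look like DLL file names (a lead, not proof of import)."""
    pat = re.compile(r"^[\w.\-]+\.dll$", re.IGNORECASE)
    return sorted({text.lower() for _, _, text in strings if pat.match(text)})


# Constructed sample bytes, laid out like fragments of a Windows executable.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"KERNEL32.dll\x00"
    + b"\x01\x02abc\x01"                       # too short, must be skipped
    + "Active Connections".encode("utf-16-le")  # wide-character string
    + b"\x00\x00\xff\xfe"
    + b"WS2_32.dll\x00"
    + b"GetProcAddress\x00"
)

if __name__ == "__main__":
    results = extract_strings(SAMPLE)
    for offset, encoding, text in results:
        print(f"0x{offset:04x}  {encoding:<8}  {text}")
    print("DLL-like names:", dll_names(results))
```

To examine a real file, pass `open(path, "rb").read()` to `extract_strings` on an analysis workstation, working from a copy of the evidence rather than the original.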
