Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can anyone recommend a Linux utility to scan an entire physical disk (of only 12Gb)for selected text strings which searches (obviously) not just files and folders but cluster tips and unused space? Something which shows up all instances of hits found, where they are, and preferably has a "search and replace xyz with abc" facility. Many thanks!
I think you probably want http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step. This primarily for recovering from corrupt or deleted files.
Not sure its do replace, there's usually no point. You recover first, then fix-up if possible.
For extant files try a loop with find & sed.
If you want to hit unused space et al, you'll probably need a full-on forensic tool.
Been discussed plenty of times - there are even forensic liveCDs.
Well I have the Knoppix DVD which has a comprehensive Forensic Toolkit on it and a baffling array of other utilities, so I may well have something to do the job already. But all of those program names mean nothing to me; I need a specific pointer to a particular piece of software which will do the job. I need a program name to search for.
In this particular brute-force method, you would need to try several different key words until you established where the file was. Some different hexdump options might help also....
Thanks, Farslayer. You really are a most helpful guy. I'd tip you another "thanks" but it might start to look as if you're paying me, or we're related in some way. ;-)
The 'strings' command extracts text from binary data.
The following code scans /dev/sda for strings containing '.jpg'
It has to be run as root. Use 'CTRL c' to stop the command.
Code:
dd if=/dev/sda | strings -n 4 -t d | grep '\.jpg'
3005553932 ElectronicsCapacitorscapacitor_codes_filestop_img6.jpg
3112021438 Sunset2.jpg, and Sunset3.jpg.
3112022948 the pictures are saved as Sunset1.jpg, Sunset2.jpg
3119203911 http://www.perl.com/graphics/perlhome_header.jpg</
# 'grep -C 2' adds 2 lines of context before and after
dd if=/dev/sda | strings -n 4 -t d | grep -C 2 '\.jpg'
--
3005442040 Bashlinuxcommand.orghtml_textsizeof.html
3005442088 Bashlinuxcommand.orghtml_textsizeof.README.html
3005443248 Bashlinuxcommand.orgimagesxterm.jpg
3005443292 Bashlinuxcommand.orgman_pagesa2p1.html
3005443340 Bashlinuxcommand.orgman_pagesa2ps1.html
--
3005552864 ElectronicsCapacitorscapacitor_codes_filesactuators.gif
3005552928 ElectronicsCapacitorscapacitor_codes_filesArticles.gif
3005552992 ElectronicsCapacitorscapacitor_codes_filesback_green.jpg
3005553056 ElectronicsCapacitorscapacitor_codes_filesback_stone.jpg
3005553120 ElectronicsCapacitorscapacitor_codes_filesBasics.gif
3005553180 ElectronicsCapacitorscapacitor_codes_filescp51.gif
--
-n 4 means only extract strings of 4 or more characters.
-t d means precede each extracted string with the decimal offset of its first character.
(This isn't the offset of '.jpg' unless it's at the start of the string.)
I'm using the version of 'strings' supplied with Mandriva.
The version supplied with Puppy 4.1.1 does not support '-t d' for decimal offset.
It only has '-o' which gives the offset in octal.
n.b. The dd command is dangerous; typing 'of=$device' instead of 'if=$device' can destroy the $device file system.
n.b. The dd command is dangerous; typing 'of=$device' instead of 'if=$device' can destroy the $device file system.
Good point about the dangers of transposing your input and output files and another good reason why 'dd' should be re-written to become rather more 'intelligent.'
Thanks for the 'strings' command suggestion. I've never heard of it but will certainly check it out.
Good point about the dangers of transposing your input and output files and another good reason why 'dd' should be re-written to become rather more 'intelligent.'
heh heh, I doubt it. But, you could probably write a wrapper script if you knew what you wanted to protect from.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
whole-disk text-string scanning utility
