The Bottom Line

Use tools to analyze the strings of readable text found in an attacker’s tools. Executable program files (EXEs, DLLs, and so forth) often contain, in addition to binary code, snippets of readable ASCII text. These strings can often provide information about the program and how it works. Several tools are available to locate and view these text strings. One of the most commonly used free tools is strings.exe.
Master It The program netstat.exe has been found during an examination. While there are other methods of determining its purpose and authenticity (hash analysis, for example), the investigator wishes to know what strings it contains and on which DLL files this executable may depend. ...
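The kind of string search described above, sketched in Python as an added example (it is not code from the book). It goes beyond plain ASCII to also recover UTF-16LE runs, which Windows binaries commonly contain. The function names, the minimum length of 4, and the sample bytes are assumptions constructed for illustration, not data from a real netstat.exe.

```python
import re

MIN_LEN = 4  # assumption: shortest run of printable characters worth reporting

# Matches file names ending in .dll; backslashes are excluded so a full path
# yields only its final component.
DLL_RE = re.compile(r"[A-Za-z0-9_.\-]+\.dll", re.IGNORECASE)


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return sorted (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_re.finditer(data)]
    return sorted(found)


def dll_references(strings):
    """Return the de-duplicated, lower-cased DLL names mentioned in the strings."""
    names = {m.group().lower()
             for _, _, text in strings
             for m in DLL_RE.finditer(text)}
    return sorted(names)


# Constructed sample: a few bytes laid out like fragments of a Windows
# executable, mixing binary noise, ASCII strings and one UTF-16LE string.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"\x00\x01\x02KERNEL32.dll\x00\x00GetProcAddress\x00"
    b"\xff\xfeWS2_32.dll\x00\x10\x11"
    + "IPHLPAPI.DLL".encode("utf-16-le") + b"\x00\x00"
    + b"\x8b\xffActive Connections\x00ab\x00"
)

if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    for offset, encoding, text in strings:
        print(f"0x{offset:04x}  {encoding:<8}  {text}")
    print("DLL names seen:", ", ".join(dll_references(strings)))
```

DLL names recovered this way are leads rather than proof of dependency: the PE import table is the authoritative list of load-time imports, and a binary can also load libraries by name at run time.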

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.