Table of Contents
sigfind - Find a binary signature in a file 
sigfind [-b bsize
] [-o offset ] [-t template ] [-lV] [ hex_signature ] file 
 
sigfind
searches through a file and looks for the hex_signature at a given offset.
This can be used to search for lost boot sectors, superblocks, and partition
tables.  
 
- -b bsize
- Specify the block size in which to search.  The
default is 512 and the value must be a multiple of 512.  
- -o offset
- Specify
the offset in a block in which the signature must exist.  The default is
0.  
- -t template
- Specify a template name that defines the signature value and
offset.  Run with  no options to get a list of supported templates. 
- -l
- The
signature is stored in little-endian ordering and must therefore be reversed.
- -V
- Display version 
- [hex_signature]
- The binary signature that you are searching
for.  It must be given in hexadecimal format.  This argument must exist if
-t is not used. 
- file
- Any raw data. 
  
 sigfind -o 510 -l AA55 disk.dd 
 sigfind
-
t fat disk.dd 
 
 
Brian Carrier <carrier at sleuthkit dot org> 
 Send documentation
updates to <doc-updates at sleuthkit dot org> 
Table of Contents