Grep searches


kern

New Member
Mar 9, 2007
#2
Hi clarkwgriswold, nice topic :)

I tend to use grep from the shell (Linux).
What I grep depends on what I'm trying to find, but

for me a common search is passing grep a list of words associated with web access:
Welcome, login, password, thankyou, etc.
This sometimes differentiates a user's casual browsing from active browsing, having purposely joined a website for certain content and gone through a login process.

Saves poring over web caches "looking" and refutes the "oh, I just stumbled upon this".

grep: the anorak's Leatherman :)
 
Dec 26, 2006
#3
Good reply, Kern.

What are some examples of strings you use (the actual strings)?

Maybe this thread can get some good responses and can be stickied for others who do this a lot through different software.
 

kern

New Member
Mar 9, 2007
#4
Clark,
There's nothing too complex I use; I will have a dig around over the weekend on the other drives. Mainly it's tactical depending on scenario. Good point re strings and the sticky.

Maybe we can come up with tactical lists, a bit like the golden password lists Access decrypt uses.

Do you think it would be worthwhile categorising by type? i.e.

mail-words list ... login - pass - account - number - mailheaders
dodgy websites ... choose-ur-perversion.com etc?
html mail .... getmsg showmessage showfolder
irc ... #channelname nicknames < some configfile words >
p2p ... unambiguous filenames / searchpatterns headers etc.

I've found traces of such in the registry / slack space / old registry backups,
so it may also be useful for people to state where they've had success using these.

Or maybe regexps to pattern match, like so many chars & so many numbers for credit cards. No point duplicating these if they're available in the forensic toolkits, is there?

Horses for courses, rather than a shotgun approach.

What are your thoughts?
Cheers
Kern
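The approach in posts #2 and #4 (a keyword list per category passed to grep -f, run over cached web content) as an added example; this is constructed for this thread, not code posted by kern or anyone else here. The directory layout, the category names and the sample "cache" files are all assumptions made up for the demo.

```shell
#!/bin/sh
# Constructed example: categorised keyword lists run with grep -f over a
# directory of carved files, as described in the thread above.
# Hypothetical names: WORK is a scratch dir; categories are login/htmlmail/irc.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# One keyword per line; with -F grep treats each line as a fixed string.
mkdir -p "$WORK/lists" "$WORK/cache"
printf '%s\n' welcome login password thankyou account > "$WORK/lists/login.txt"
printf '%s\n' getmsg showmessage showfolder          > "$WORK/lists/htmlmail.txt"
printf '%s\n' '#channel' nickname ident              > "$WORK/lists/irc.txt"

# Constructed sample "cache" files standing in for browser cache or slack space.
printf 'Welcome back! Thank you for signing in. Your account is active.\n' > "$WORK/cache/page1.html"
printf 'GET /cgi-bin/getmsg?curmbox=inbox&showfolder=1\n'                 > "$WORK/cache/page2.html"
printf 'random picture gallery, nothing relevant here\n'                   > "$WORK/cache/page3.html"

# grep_category LISTFILE DIR -> each file under DIR containing any keyword from
# LISTFILE. -F fixed strings, -i case-insensitive, -w whole words only (so
# "login" does not fire on "logind"), -l file names only, -r recurse into DIR.
grep_category() {
    grep -rilwF -f "$1" "$2" | sort
}

# hit_count LISTFILE FILE -> number of lines in FILE matching any keyword.
# grep -c exits 1 when the count is 0, so "|| true" keeps set -e quiet.
hit_count() {
    grep -ciwF -f "$1" "$2" || true
}

# Report every category against the cache directory: category, file, hits.
report() {
    for list in "$WORK"/lists/*.txt; do
        cat=$(basename "$list" .txt)
        for f in $(grep_category "$list" "$WORK/cache"); do
            printf '%s\t%s\t%s\n' "$cat" "$(basename "$f")" "$(hit_count "$list" "$f")"
        done
    done
}

report
```

Adding a new category is just another file in lists/; the report loop picks it up without any other change.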
 
Dec 31, 2006
#5
If you are going to add a Sticky, maybe it could be broken up into product. For example when I go to training or conferences I like to swap AccessData Registry Viewer .rsr files (registry search strings for CC #s, UPS and FedEx tracking and similar), Golden Dictionaries (probably too large to post here), etc.
 
