SANS Digital Forensics and Incident Response Blog: Tag - find

Finer Points of Find

The *NIX "find" command is probably one of the system security tester's best friends on any *NIX system. This command allows the system security tester or digital forensic analyst to process a set of files and/or directories in a file subtree. In particular, the command has the capability to search based on the following parameters:

  • where to search (which pathname and the subtree)
  • what category of file to search for (use "-type" to select directories, data files, links)
  • how to process the files (use "-exec" to run a process against a selected file)
  • the name of the file(s) (the "-name" parameter)
  • perform logical operations on selections (the "-o" and "-a" parameters)

One of the key problems associated with the "find" command is that it can be difficult to use. Many experienced professionals with years of hands-on experience on *NIX systems still find this command to be tricky. Adding

... Continue reading Finer Points of Find