SANS Digital Forensics and Incident Response Blog: Tag - shell

Bring Me My Pipe

[caption id="attachment_298" align="alignleft" width="180" caption="Pipes photo courtesy of tanakawho at "]//[/caption]

Often used and under appreciated, the pipe feature in unix/linux/dos has to be my favorite tool in incident response and forensics.

Need the device at /dev/sda imaged with progress indicators and an md5sum?

dd if=/dev/sda| pipebench | tee sda.dd | md5sum >sda.md5.txt

Need a summary of the unique hosts from Internet Explorer's index.dat history file?

pasco index.dat | grep -v 'javascript\\:' | egrep -i 'ftp|http' | sort -k 4 | awk '{print $3}' | awk