SIGFIND(1) General Commands Manual SIGFIND(1)

sigfind - Find a binary signature in a file

sigfind [-b bsize] [-o offset] [-t template] [-lV] [hex_signature] file

sigfind searches through a file and looks for the hex_signature at a
given offset. This can be used to search for lost boot sectors,
superblocks, and partition tables.

-b bsize
       Specify the block size in which to search. The default is 512
       and the value must be a multiple of 512.

-o offset
       Specify the offset in a block in which the signature must exist.
       The default is 0.

-t template
       Specify a template name that defines the signature value and
       offset. Run with no options to get a list of supported
       templates.

-l     The signature is stored in little-endian ordering and must
       therefore be reversed.

-V     Display version

[hex_signature]
       The binary signature that you are searching for. It must be
       given in hexadecimal format. This argument must exist if -t is
       not used.

file   Any raw data.

sigfind -o 510 -l AA55 disk.dd

sigfind -t fat disk.dd
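
How -b, -o and -l combine in the first command above, as an added Python example that is not code from The Sleuth Kit: each block is read in turn and the signature bytes are compared only at the given offset inside it, after reversing them when little-endian ordering is requested. The names find_signature and build_sample_image, the return format, the rule that the signature must fit inside one block, and the sample image are assumptions of this example.

```python
import io

SECTOR = 512

def find_signature(stream, hex_signature, offset=0, bsize=SECTOR, little_endian=False):
    """Return the numbers of the blocks that hold the signature at `offset`."""
    if bsize <= 0 or bsize % SECTOR:
        raise ValueError("block size must be a multiple of 512")
    sig = bytes.fromhex(hex_signature)
    if little_endian:
        # -l: the value is stored least-significant byte first on disk,
        # so AA55 is searched for as the byte sequence 55 AA.
        sig = sig[::-1]
    end = offset + len(sig)
    if not sig or offset < 0 or end > bsize:
        # Assumption of this example: the signature must fit inside one block.
        raise ValueError("signature must lie inside one block")
    hits = []
    block_no = 0
    while True:
        block = stream.read(bsize)
        if len(block) < end:  # end of data, or a short tail that cannot match
            break
        if block[offset:end] == sig:
            hits.append(block_no)
        block_no += 1
    return hits

def build_sample_image():
    """Constructed 8-sector image; not data from a real disk."""
    img = bytearray(8 * SECTOR)
    for sector in (0, 5):  # boot-sector style marker 55 AA at offset 510
        img[sector * SECTOR + 510: sector * SECTOR + 512] = b"\x55\xaa"
    img[2 * SECTOR + 510: 2 * SECTOR + 512] = b"\xaa\x55"  # same bytes, swapped order
    img[3 * SECTOR: 3 * SECTOR + 2] = b"\x55\xaa"          # right bytes, wrong offset
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    # Same parameters as: sigfind -o 510 -l AA55 disk.dd
    for n in find_signature(io.BytesIO(image), "AA55", offset=510, little_endian=True):
        print(f"signature found in block {n}")
```

With a block size of 1024 the marker in sector 5 is no longer reported, because it then sits at offset 1022 of its block rather than 510.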

Brian Carrier <carrier at sleuthkit dot org>

Send documentation updates to <doc-updates at sleuthkit dot org>