If you 'HAVE to' knuckle bust it!

Brad

Feb 19, 2012, 10:28:54 AM
to aff-discuss
I created these little scripts for searching huge data sets and not
exhausting memory. bulk_extractor does this and more but sometimes you
need to be exact.
Just good info for forensics.

Do a huge scan of a drive based on a list of keywords and not blow out
memory!
find /mnt/search_location/ -type f -exec grep -cH --file=/home/list_of_strings {} + > /home/stringsOut-big-file.txt

Then delete your trash with sed (':0' being my trash in this case):
sed -i '/:0$/d' source_file

Then pop out what you want with grep (:9 being mine in this case :)
grep -v :9 source_file > output_file

bulk_extractor does the same thing but on a much bigger scale.
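An added example, not part of Brad's post: the scan and the zero-count cleanup from the steps above combined into one shell function. It splits each `file:count` line on the last colon, so a hit in a file whose name contains `:0` is kept. The function names, sample files and keywords are constructed for illustration; GNU find and grep are assumed.

```shell
#!/bin/sh
# keyword_hits DIR KEYWORD_FILE
# Prints "<matching-line-count><TAB><path>" for every regular file under DIR
# that contains at least one keyword, highest count first.
keyword_hits() (
    dir=$1 keywords=$2
    # find batches file names into as few grep runs as fit on a command line;
    # grep streams each file, so memory use stays flat however big the set is.
    #   -c count matching lines   -H always print the file name
    #   -F treat keywords as fixed strings, one per line in KEYWORD_FILE
    # grep exits 1 for a batch with no hits; that is not an error here.
    { find "$dir" -type f -exec grep -cHF -f "$keywords" -- {} + || true; } |
    awk '{
        # Split on the LAST colon so a ":0" inside a file name is not
        # mistaken for a zero count.
        if (!match($0, /:[0-9]+$/)) next
        count = substr($0, RSTART + 1) + 0
        if (count > 0) printf "%d\t%s\n", count, substr($0, 1, RSTART - 1)
    }' |
    sort -k1,1nr
)

# Constructed sample evidence tree and keyword list (not from the post).
# Prints the path of the temporary directory that holds them.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/evidence/mail"
    printf 'invoice 4471\nwire transfer to acct\ninvoice 4472\n' \
        > "$root/evidence/mail/a.txt"
    printf 'nothing of interest\n' > "$root/evidence/b.txt"
    printf 'acct closed\n'         > "$root/evidence/log:07.txt"
    printf 'lunch menu\n'          > "$root/evidence/note:0.txt"
    printf 'invoice\nacct\n'       > "$root/keywords.txt"
    printf '%s\n' "$root"
}
```

Usage: `root=$(make_sample); keyword_hits "$root/evidence" "$root/keywords.txt"`. File names containing newlines are not handled.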