BULK_EXTRACTOR
Section: User Commands (1)
Updated: MAY 2010

NAME

bulk_extractor - Scans a disk image for regular expressions and other content.

SYNOPSIS

bulk_extractor -o output_dir [options] image

DESCRIPTION

bulk_extractor scans a disk image (or any other file) for a large number of pre-defined regular expressions and other kinds of content. These items are called features. When it finds a feature, bulk_extractor writes the output to an output file. Each line of the output file contains a byte offset at which the feature was found, a tab, and the actual feature. Features therefore cannot contain the end-of-line character.

bulk_extractor includes native support for EnCase (.E01) and AFFLIB (.aff) files, if it is compiled and linked on a system containing those libraries.

bulk_extractor is multi-threaded. By specifying the -j option, multiple copies of the program can be run. Each thread writes its results into its own feature file. The files are then combined by the primary thread when all of the secondary threads complete.

bulk_extractor is a two-phase program. In phase 1 the features are extracted. In phase 2 a histogram is created of relevant features.

bulk_extractor will also create a wordlist of all the words that are found in the disk image. This can be used as a dictionary for cracking encryption.

The options are as follows:
HISTORY

bulk_extractor is based on a feature extractor and named entity recognizer developed for SBook in 1989. The feature extractor was repurposed for disk images in 2003. The stand-alone bulk_extractor program was rewritten in 2005 and publicly released in 2007. The multi-threaded bulk_extractor was released in May 2010.

AUTHOR

Simson Garfinkel <simsong@acm.org>
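The feature-file layout given under DESCRIPTION (byte offset, a tab, then the feature) and the phase 2 histogram can be reproduced when reviewing output by hand. The following is an added example, not code from bulk_extractor or its author; the function names and the sample lines are constructed for illustration, and it assumes nothing about the file beyond the offset-tab-feature layout stated above.

```python
from collections import Counter

# Constructed sample feature-file content (not real bulk_extractor output).
SAMPLE = (
    "1024\talice@example.com\n"
    "20480\tbob@example.org\n"
    "40960\talice@example.com\n"
    "not-a-number\tcarol@example.net\n"   # bad offset
    "81920 missing-tab-line\n"            # no tab separator
    "\n"
    "99999\talice@example.com\n"
)

def parse_features(text):
    """Parse '<offset>\\t<feature>' lines into (offset, feature) tuples.

    Malformed lines are returned separately as (line_number, raw_line) so a
    reviewer can see what was skipped instead of losing it silently.
    """
    records, rejected = [], []
    # Split on "\n" only: the feature itself may hold other control bytes.
    for lineno, line in enumerate(text.split("\n"), 1):
        if not line:
            continue
        # Only the first tab separates the fields; later tabs stay in the feature.
        offset, sep, feature = line.partition("\t")
        if not sep or not feature or not (offset.isascii() and offset.isdigit()):
            rejected.append((lineno, line))
            continue
        records.append((int(offset), feature))
    return records, rejected

def histogram(records):
    """Return (count, feature, first_offset) rows, most frequent first."""
    counts = Counter(feature for _, feature in records)
    first_seen = {}
    for offset, feature in records:
        first_seen[feature] = min(offset, first_seen.get(feature, offset))
    rows = [(n, f, first_seen[f]) for f, n in counts.items()]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    recs, bad = parse_features(SAMPLE)
    for count, feature, first in histogram(recs):
        print(f"n={count}\t{feature}\tfirst seen at byte {first}")
    for lineno, raw in bad:
        print(f"rejected line {lineno}: {raw!r}")
```
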
This document was created by man2html, using the manual pages.
Time: 07:34:21 GMT, September 13, 2011