A Regular Expression Search Primer for Forensic Analysts

by Tim Cook
Sept. 1, 2017 SANS Institute forensics

This assumption tends to leave the reader to their own devices to puzzle out how to locate and extract specific string content from files. The focus of this paper is to introduce the reader to Linux string search and text manipulation commands and provide specific use cases and search patterns that will be of use to Forensic Analysts. The intent of this paper is to serve as an introduction to regular expressions and some Linux commands that can be used to locate an

https://www.sans.org/reading-room/whitepapers/forensics/regular-expression-search-primer-forensic...