Saturday, January 5, 2013

Backtrack Forensics: missidentify

Forensics -> Forensic Analysis Tools

missidentify is a tool that finds Windows executable files by looking at the PE header rather than the file name, so it finds executables regardless of their extension. Programs, device drivers and DLLs all carry a PE header (there are many excellent sources on the Internet about PE header analysis). By default the program prints the filename only if the file's extension does not match one of the known executable extensions (.exe, .com, .sys or .dll).

Usage examples:

List all executables recursively in a directory, regardless of extension, and show only the filename:

missidentify -rab [directory]

List all executables recursively in a directory, regardless of extension, and show the full path:

missidentify -ral [directory]

Display version:

missidentify -V

Here is a screenshot from my test. You can see that it finds executables even when the file name doesn't match (the something.txt files are actually DLLs).
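To make the header check concrete, here is an added Python example (not part of the original post and not missidentify's own code) that does the same job: it reads the 64-byte DOS header, follows the e_lfanew field to the "PE\0\0" signature, walks a directory recursively, and by default reports only PE files whose extension is not .exe/.com/.sys/.dll. The sample files built in demo() are constructed to mirror the screenshot (a DLL renamed to .txt next to a real .exe).

```python
import os
import struct
import tempfile
from pathlib import Path

KNOWN_EXT = {".exe", ".com", ".sys", ".dll"}   # the page's "known executable extensions"

def is_pe_file(path) -> bool:
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        dos = f.read(0x40)                       # IMAGE_DOS_HEADER is 64 bytes
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)   # file offset of PE signature
        f.seek(e_lfanew)
        return f.read(4) == b"PE\x00\x00"        # a short read past EOF just fails the compare

def find_pe_files(root, all_files=False):
    """Recursively list PE files under root; by default skip known executable extensions."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if not all_files and os.path.splitext(name)[1].lower() in KNOWN_EXT:
                continue
            try:
                if is_pe_file(path):
                    hits.append(path)
            except OSError:
                continue                         # unreadable file: skip, keep walking
    return sorted(hits)

def make_pe_stub() -> bytes:
    """Constructed sample: DOS header with e_lfanew=0x40, then 'PE\\0\\0' and a zeroed file header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

def demo():
    """Recreate the post's test: a DLL renamed to .txt, a real .exe and a text file.
    Returns (default-mode hits, all-files hits) as bare file names."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "something.txt").write_bytes(make_pe_stub())
        Path(root, "tool.exe").write_bytes(make_pe_stub())
        Path(root, "notes.txt").write_bytes(b"just text\n")
        default = [os.path.basename(p) for p in find_pe_files(root)]
        everything = [os.path.basename(p) for p in find_pe_files(root, all_files=True)]
    return default, everything   # (['something.txt'], ['something.txt', 'tool.exe'])
```

The stub is only a header, not a loadable image; on a real disk image the same check is what lets a renamed DLL stand out from genuine .txt files.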
Official Webpage: http://missidentify.sourceforge.net/