I was wondering if anyone has managed to find a util or perhaps write a script to detect files over say... 2mb... some of my users are a little cheeky and have changed the name of MP3's to XLS etc etc... so I was thinking of using a util that would detect file sizes
I assume you've looked at DIRUSE and DISKUSE on the RK. They don't have a filter for individual file size. How about your Windows Search? It has a size filter.
It needs to be in a DOS type of environment.. file search only works in win... how would I redirect the output?
C'mon Les, that would be too easy, how about this: code: This also allows you to perform any kind of action you would like with those files. PS, after struggling a while with the syntax (looping the loop...) I found it on planetsourcecode.com .. it was "written" by Subodh Dash. I was struggling with a much cleaner loop but apparently that was not necessary. This script might dump some return codes on your screen, I did not have the time to look into those but hey, they look quite interesting..... Ciao,
MvdW, Remember, I'm no programmer and lazy to boot. I'm impressed! Haven't tried it but looks good. Now what you really need to do is to evaluate the file format on the hits to see if it is really a 3 meg spreadsheet or an .mp3 file in sheep's clothing. While you're getting warmed up, you could probably knock something off for WIMBOR http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=1&t=003080
Well Bonky I'm not so sure about your methodology for the search (size). Our users have Word - Excel files from 20k to 13MB in size, so a size search (for us anyways) would be futile. You could do a search on files using a GREP type utility like the FREE one here, and search your suspect files for something like SHEET1 which should show in probably all Excel files. If not found it is probably some other type of file. Agent Ransack - Search Utility - Freeware. Or, if you want to go all out and pay for it $2,495 you could get something like this: Encase - is the industry leading computer forensic software tool. UltraEdit also works well as a KiXtart Editor and locating these file searches
[ 11 September 2001: Message edited by: NTDOC ]
Hi guys, I was wondering, there should be some way to detect an mp3/mpeg/???? file by some of the contents. ID3 tags, or some form of common code that is in each of the files that have such a format.. is there some sort of overview? Then we'll write our own "leader in forensic software". Oh, remember Les, I am certainly no programmer too, but I'm quite handy with the cut and paste.. (aren't all programmers....)
There is a utility within Unix called "file" which is used to determine a file type, and it does it extremely well. It uses a text file called "magic" which defines how to identify a file type. Mine is a little old (RedHat 6.2) but it includes entries for MPGs. You could use the text file and write your own code to use it, or better you may be able to find a version of "file" compiled for Windows/NT. MKS include it in their toolkit, but that is of course a commercial version. Here's what file reported on a test:
code:
[root@pitbull test]# cp tennis.mpeg important_memo.doc
So, renaming the file won't hide it
**Update** Here are some examples of it running on my system:
code:
C:\WINDOWS>file command.com
[ 11 September 2001: Message edited by: Richard Howarth ]
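The content check discussed in the posts above (ID3 tags, "magic"-style signatures), as an added example that is not part of the original thread or taken from the "file" utility: it walks a directory and reports files whose leading bytes contradict their extension. The signature table, the extension policy and the names `sniff`, `find_mismatches` and `demo` are assumptions made for this example, and the sample files are constructed.

```python
import os
import tempfile

OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")  # Excel/Word 97-2003 container header

def sniff(head: bytes) -> str:
    """Coarse content type from a file's first bytes (small subset of 'magic')."""
    if head.startswith(OLE2):
        return "ole2"
    if head.startswith(b"ID3"):
        return "mp3"  # ID3v2 tag at start of file
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"  # bare MPEG audio frame sync; heuristic only
    if head.startswith((b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3")):
        return "mpeg-video"  # pack header / sequence header
    if head.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    return "unknown"

# Extension -> what the content should sniff as (assumed policy for this example).
EXPECTED = {".xls": "ole2", ".doc": "ole2", ".mp3": "mp3",
            ".mpg": "mpeg-video", ".mpeg": "mpeg-video", ".gif": "gif"}

def find_mismatches(root, min_size=0):
    """List (path, expected, found) for files whose content contradicts the name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            want = EXPECTED.get(os.path.splitext(name)[1].lower())
            if want is None or os.path.getsize(path) < min_size:
                continue
            with open(path, "rb") as fh:
                found = sniff(fh.read(16))
            if found != want:
                hits.append((path, want, found))
    return sorted(hits)

def demo():
    """Run the scan over constructed sample files in a temporary directory."""
    samples = {"budget.xls": b"ID3\x03\x00", "real.xls": OLE2,
               "important_memo.doc": b"\x00\x00\x01\xba", "song.mp3": b"\xff\xfb\x90\x00"}
    with tempfile.TemporaryDirectory() as d:
        for name, head in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(head + bytes(64))
        return [(os.path.basename(p), w, f) for p, w, f in find_mismatches(d)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Passing `min_size` combines this with the size filter from the first post, so only large files are opened and checked.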
They can run but they can't hide... Oh, but they try! The phrase "leader in forensic software" has a ring to it but I think "BloodHound" more aptly says it. Another notch on the handle for us "lockdown" admins. Nice work guys!
Well things are HELL here in the US as I'm sure you have all seen. I have not been able to focus on work today. Today was unbelievable. Such destruction from this cowardly act. I might be able to understand attacking our Military, but innocent people? Well... not to get too off topic, here is another program that is capable GetEXETyp What is GetEXETyp? EXE format analyzer (for DOS) Downloads
C:\GET>GT C:\TEST\*
- [C:\TEST\A_DUES.mp3] -----
- [C:\TEST\AFBF8F00] -----
- [C:\TEST\AL_aniston0910.GIF] -----
- [C:\TEST\ROBROY.TXT] -----
- [C:\TEST\ExcelTest.tmp] -----
- [C:\TEST\Cats.mp3] -----
- Files identified: 5 of 6 (83.33%)