#58940 - 2001-09-10 11:47 AM utils to detect Large files
Anonymous
Unregistered


I was wondering if anyone has managed to find a util or perhaps write a script to detect files over say... 2mb... some of my users are a little cheeky and have changed the name of MP3's to XLS etc etc... so I was thinking of using a util that would detect file sizes.
Top
#58941 - 2001-09-10 04:04 PM Re: utils to detect Large files
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I assume you've looked at DIRUSE and DISKUSE on the RK. They don't have a filter for individual file size. How about your Windows Search? It has a size filter.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#58942 - 2001-09-10 04:35 PM Re: utils to detect Large files
Anonymous
Unregistered


It needs to be in a DOS type of environment.. file search only works in win... how would I redirect the output?
Top
#58943 - 2001-09-10 04:38 PM Re: utils to detect Large files
mvdw Offline
Starting to like KiXtart

Registered: 2001-05-01
Posts: 124
Loc: Voorburg, Netherlands
C'mon Les, that would be too easy,

how about this :

code:
 

break on

; FileSystemObject is used to walk the folders and read file sizes
$fso = createobject("Scripting.FileSystemObject")
$outputfile = @curdir + "\outputfile.txt"
$maxsize = 2048   ; size threshold in KB

? "which directory would you like to search? :"
gets $rootdir

; start the report (overwrites any previous output file)
$string = "Files in $rootdir (and subdirectories)"
shell '%comspec% /c echo $string > $outputfile'

; check the files in the starting directory itself, then every subdirectory
$rc = listfiles($fso.getfolder($rootdir))
$rc = recursivedir ("$rootdir")

? "finished, press any key to quit"
get $k
exit

; list the files of every subfolder below $path, then descend into it
Function recursivedir($path)

  $folderpath = $fso.getfolder($path)
  $fol = $folderpath.subfolders
  for each $foldername in $fol
    listfiles($foldername)
    $recursivedir = $foldername
    recursivedir($foldername)
  next

endfunction

; append every file in folder object $dir larger than $maxsize KB to the report
function listfiles($dir)
  for each $file in $dir.files
    $size = $file.size / 1024
    if $size > $maxsize
      $writepath = $dir.path
      $writefile = $file.name
      $string = "$size(kb) $writepath\$writefile"
      shell '%comspec% /c echo "$string" >> $outputfile'
    endif
  next
endfunction


This also allows you to perform any kind of action you would like with those files.
A little more scripting could lead to your own search functions in kix, automatically scanning the network for MP3's and other *interesting* material and copy it to a central place so anyone can enjoy !!!

ps, after struggling a while with the syntax (looping the loop...) I found it on planetsourcecode.com .. it was "written" by Subodh Dash. I was struggling with a much cleaner loop but apparently that was not necessary. This script might dump some returncodes on your screen, I did not have the time to look into those but hey, they look quite interesting.....

Ciao,
MvdW

_________________________
rgrds, Maarten

Top
#58944 - 2001-09-10 05:23 PM Re: utils to detect Large files
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
MvdW,
Remember, I'm no programmer and lazy to boot.

I'm impressed! Haven't tried it but looks good.

Now what you really need to do is to evaluate the file format on the hits to see if it is really a 3 meg spreadsheet or an .mp3 file in sheep's clothing.

While you're getting warmed up, you could probably knock something off for WIMBOR http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=1&t=003080

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#58945 - 2001-09-11 01:28 AM Re: utils to detect Large files
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well Bonky, I'm not so sure about your methodology for the search (size). Our users have Word - Excel files from 20k to 13MB in size, so a size search (for us anyways) would be futile.

You could do a search on files using a GREP type utility like the FREE one here, and search your suspect files for something like SHEET1 which should show in probably all Excel files. If not found it is probably some other type of file.

Agent Ransack - Search Utility - Freeware

Or, if you want to go all out and pay for it $2,495 you could get something like this:

Encase - is the industry leading computer forensic software tool

UltraEdit also works well as a KiXtart Editor and locating these file searches
UltraEdit - Text Editor - HEX Editor


I do like the looks of MvdW's code for finding the size though.

[ 11 September 2001: Message edited by: NTDOC ]

Top
#58946 - 2001-09-11 01:01 PM Re: utils to detect Large files
mvdw Offline
Starting to like KiXtart

Registered: 2001-05-01
Posts: 124
Loc: Voorburg, Netherlands
Hi guys,

I was wondering, there should be some way to detect an mp3/mpeg/???? file by some of the contents. id3 tags, or some form of common code that is in each of the files that have such a format.. is there some sort of overview? then we'll write our own "leader in forensic software"

Oh, remember Les, i am certainly no programmer too, but i'm quite handy with the cut and paste.. (aren't all programmers....)

_________________________
rgrds, Maarten

Top
#58947 - 2001-09-11 02:02 PM Re: utils to detect Large files
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
There is a utility within Unix called "file" which is used to determine a file type, and it does it extremely well. It uses a text file called "magic" which defines how to identify a file type. Mine is a little old (RedHat 6.2) but it includes entries for MPGs.

You could use the text file and write your own code to use it, or better you may be able to find a version of "file" compiled for Windows/NT. MKS include it in their toolkit, but that is of course a commercial version.

Here's what file reported on a test:

code:
[root@pitbull test]# cp tennis.mpeg important_memo.doc
[root@pitbull test]# file important_memo.doc
important_memo.doc: MPEG video stream data


So, renaming the file won't hide it

**Update**
I found a windows version on Sourceforge

Here are some examples of it running on my system:

code:
C:\WINDOWS>file command.com
command.com: MS-DOS executable (EXE)

C:\WINDOWS>file system.ini
system.ini: ASCII text, with CRLF line terminators

D:\Audit\DubiousVids>file *
Mom2.mpg: MPEG system stream data
Pantsoff.avi: RIFF (little-endian) data, AVI

D:\My Documents>file *
Adding a user login.doc: Microsoft Office Document
AVCOLD.mdb: raw G3 data, byte-padded
Computacenter Script.doc: Microsoft Office Document
Contract: directory
Current Internet.vsd: Visio (TM) Drawing
Current Internet.wmf: ms-windows metafont .wmf
Data Centre.vsd: Visio (TM) Drawing
Data Centre.wmf: ms-windows metafont .wmf
Demon Change Request 001.doc: Microsoft Office Document
Demon MC change request.doc: Microsoft Office Document
Drawings.mdb: raw G3 data, byte-padded
EPC Check List.doc: Microsoft Office Document
epc.doc: Microsoft Office Document
HKRouter.txt: ASCII text, with CRLF line terminators
IP Addresses new Sites1.xls: Microsoft Office Document
Microsoft Office Document
Migrate.csv: ASCII text, with very long lines, with CRLF line terminators
MySQL Test.mdb: raw G3 data, byte-padded
Old Excel Documents.lnk: ms-Windows shortcut
PM2K.doc: Microsoft Office Document
Config.doc: Microsoft Office Document
sgb_ppr0081.PDF: PDF document, version 1.2
Shortcut to Northwind.lnk: ms-Windows shortcut
t.htm: HTML document text


[ 11 September 2001: Message edited by: Richard Howarth ]

Top
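Added example, not part of any post in this thread: a Python sketch of the content check discussed above (ID3 tags, the OLE2 document header, the "file"/magic approach), combined with the size filter from the KiXtart script. The function names, the ALLOWED extension policy and the Layer III frame-sync heuristic are assumptions of this example; the byte signatures are the standard published ones.

```python
import os

# Well-known leading-byte signatures ("magic numbers"), checked in order.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls container
    (b"ID3", "mp3"),                # MP3 that starts with an ID3v2 tag
    (b"\x00\x00\x01\xba", "mpeg"),  # MPEG system stream (pack header)
    (b"\x00\x00\x01\xb3", "mpeg"),  # MPEG video stream (sequence header)
]
MEDIA = {"mp3", "mpeg", "avi", "wav"}
# Extensions allowed to hold each media type (assumed policy for this example).
ALLOWED = {".mp3": "mp3", ".mpg": "mpeg", ".mpeg": "mpeg",
           ".avi": "avi", ".wav": "wav"}

def sniff(path):
    """Classify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if head[:4] == b"RIFF" and head[8:12] in (b"AVI ", b"WAVE"):
        return "avi" if head[8:12] == b"AVI " else "wav"
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    # Untagged MP3: 11-bit frame sync plus Layer III bits (heuristic; this
    # mask rejects the UTF-16 byte-order mark FF FE and the JPEG marker FF D8).
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE6) == 0xE2:
        return "mp3"
    return "unknown"

def find_disguised_media(root, min_bytes=0):
    """Return sorted (path, detected_type) for media hidden behind another extension."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                if os.path.getsize(path) < min_bytes:
                    continue
                kind = sniff(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            if kind in MEDIA and ALLOWED.get(ext) != kind:
                hits.append((path, kind))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, kind in find_disguised_media(root):
        print(f"{kind:5} {path}")
```

A result of "unknown" only means none of these few signatures matched; the full magic database that "file" ships with covers far more formats.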
#58948 - 2001-09-11 04:53 PM Re: utils to detect Large files
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
They can run but they can't hide... Oh, but they try!

The phrase "leader in forensic software" has a ring to it but I think "BloodHound" more aptly says it.

Another notch on the handle for us "lockdown" admins.

Nice work guys!

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#58949 - 2001-09-12 03:24 AM Re: utils to detect Large files
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well things are HELL here in the US as I'm sure you have all seen.
I have not been able to focus on work today.
Today was unbelievable. Such destruction from this cowardly act.
I might be able to understand attacking our Military, but innocent people?

Well... not to get too off topic, here is another program that is capable
of doing such a file search.

http://surf.to/phax

GetEXETyp
Current version: 2.60 UPDATED

What is GetEXETyp?

EXE format analyzer (for DOS)
Commandline program
Detection of many (about 400) COM/DOS-EXE/PE-EXE/NE-EXE/LE-EXE modifier and compiler
< 5 milliseconds (2/100 seconds) per file
long filename support for Windows 95/98
Win32 version in beta stadium
Freeware
Copy it freely
Free download
See extended documentation
Free mailinglist
GetEXETyp is Copyright © 1997-2001 by PHaX
All detected programs are Copyright © by their authors.

Downloads
Download GT 2000 for Windows incl. GTUI2 Get Version 0.28 UPDATED
Download GetTyp for DOS Get Version 2.60
Download GetTyp for Windows Get Version 2.60
Download GTUI (GetTyp User Interface) for Windows Get Version 1.14
Download the DLL package for GTW/GTUI Get MFC42.DLL and OLEAUT32.DLL
Download GetTyp special EXE edition for DOS Get Version 2.60
Download GetEQExe for DOS Get Version 3.49
Download GetEQExe for Windows Get Version 3.49
Download FArc Get Version 1.24
Download FArcW Get Version 1.24
Download BP7Patch Get Version 1.02
Download ListNE for DOS Get Version 1.01
Download ZIPC normal version Get Version 0.02
Download ZIPC 256MB RAM version Get Version 0.02
Download source code (TP 6/7):


Sample output of program
Notice: I changed the extension on purpose and it still finds them correctly, even the
file error within the CATS3.MP3 file. The file AFBF8F00 is a null blank file to test the scanning
ability.

C:\GET>GT C:\TEST\*
- --- # GetTyp 2.60 # ----------------- # Copyright (c) 1997-99 by PHaX # ---
- --- # phax@writeme.com # ---------------------- # http://surf.to/phax # ---
- ------------------------------------------------------ # free edition # ---
- Using long filenames ...

- [C:\TEST\A_DUES.mp3] -----
OLE2 document (Winword, Excel, Starwriter, ...)

- [C:\TEST\AFBF8F00] -----
Binary file
File may be 7 bit only

- [C:\TEST\AL_aniston0910.GIF] -----
JPG image
130x75 -- TrueColor (24 Bit)

- [C:\TEST\ROBROY.TXT] -----
RIFF file: Animation Video (AVI)
+-RIFF
+-LIST
¦ +-avih
¦ +-LIST
¦ ¦ +-strh
¦ ¦ +-strf
¦ +-LIST
¦ +-strh
¦ +-strf
+-JUNK
+-LIST
¦ +-LIST
¦ ¦ +-01wb
¦ ¦ +-JUNK
¦ ¦ Data (1 bytes)
¦ +-LIST
¦ ¦ +-01wb
¦ ¦ +-JUNK
¦ ¦ Data (1 bytes)
¦ +-LIST
¦ ¦ +-01wb
¦ ¦ +-JUNK
Truncating listing ...

- [C:\TEST\ExcelTest.tmp] -----
OLE2 document (Winword, Excel, Starwriter, ...)

- [C:\TEST\Cats.mp3] -----
Wave music file (WAV) (compressed - type 85)
Channels: 1
Sampling rate: 11025
Data size: found error in data structure
Bits: 0 (decompressed: 0 bytes)
Playtime: 1:36,64 min

- Files identified: 5 of 6 (83.33%)
- Total time: 807.0 ms (97.2 ms/file) (224.0 ms lost)

Top