The 'strings' command

Why use it?

strings command is a utility that prints out all readable character strings above a certain length (default is 4). This can be used to extract hard-coded text out of binary files that are not human readable and therefore useful in forensics as a quick check.

How to use it?

To use the strings command, open terminal on a UNIX (or UNIX-like) system, then type strings /path/to/your/file. This will cause strings to print out any string that is 4 characters or longer. To search for shorter strings, use strings -n $NUM /path/to/your/file For example, strings -n 2 ./mysteryFile will print out all the strings that are 2 characters or longer in the file mysterFile in the local working directory.

Compiler quirks

Because of how compilers optimize the code to make it more resource efficient, a piece of text may be split into many smaller consecutive chunks. For similar reasons, the stored text may have a repeating filler character at the end to align each piece to a specific location in memory. Because of that, it may be wise to search for smaller chunks of text when you don't find anything of interest.

OS Differences & Similarities

It is available by default on most if not all UNIX and UNIX-like operating systems. Unfortunately, it is not installed by default on Microsoft Windows. However, online alternative to the program also exist online.

Moreover, one does not need to be on the OS that the program was compiled for to look for strings in an executable file. Windows systems can check Linux binaries for strings and vice versa. This is because strings looks for text at the binary level that is universal accross almost all operating systems.

Online Strings Tool

Strings Utility found at FileFormat.info is a decent online alternative.