drive-image-searcher

Crates.io: drive-image-searcher
lib.rs: drive-image-searcher
version: 0.2.2
source: src
created_at: 2024-05-19 00:41:33.313947
updated_at: 2024-05-20 08:28:53.635486
description: A CLI tool to stream a drive image, and search for one or more byte patterns
homepage:
repository: https://github.com/RecRanger/drive-image-searcher
max_upload_size:
id: 1244580
size: 94,806
Recovery Ranger (RecRanger)

README

drive-image-searcher

A Rust CLI tool to stream a drive image, and search for one or more byte patterns

cargo install drive-image-searcher
drive-image-searcher -h

Features

  • Supports custom "needle" definition configuration file.
  • Supports reading from compressed disk images (lz4 and xz compression).
  • Writes out chunks of data where the needle was found.
  • Fast.

Usage

  1. Download the needle_config.sample.yaml file, and fill it with the search patterns you want to locate. For example:

     - name: "Example Needle 1"
       val: "48 65 6c 6c 6f ff ff ff ff ff ff ff"  # "Hello" in hexadecimal, followed by seven ff bytes
       val_format: hex
       description_notes: "A simple hex value of the word 'Hello'"
       happiness_level: 1

     - name: "Example Needle 2"
       val: "word plus a bunch of other random text"
       val_format: ascii
       description_notes: "A plain ASCII value"
       happiness_level: 2
       write_to_file: false

  2. Run cargo install drive-image-searcher.
  3. Run drive-image-searcher -c none -i /path/to/dd_file.img -n /path/to/needle_config.yaml -o ./output_dir/

When the run completes, the chunks of data where each needle was found are written to ./output_dir/, alongside the logs.

Bugs

  • Total file size for block devices shows as 0, so ETA doesn't work.
  • The offsets are incorrect as a result of the carry forward not shifting the haystack.
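
The following added example (not the crate's own code) shows one way to keep match offsets absolute when the tail of each chunk is carried forward: the base offset of the haystack advances by exactly the number of bytes dropped. The names `search_stream`, `parse_hex` and `sample` are hypothetical, the image is constructed, and only hex needles in the format of the sample config are assumed.

```rust
use std::io::{self, Cursor, Read};

/// Decode a `val_format: hex` value such as "48 65 6c" into bytes.
pub fn parse_hex(val: &str) -> Option<Vec<u8>> {
    val.split_whitespace().map(|b| u8::from_str_radix(b, 16).ok()).collect()
}

/// Search `src` in `chunk`-byte reads; returns (needle index, absolute offset) pairs.
pub fn search_stream<R: Read>(mut src: R, needles: &[Vec<u8>], chunk: usize) -> io::Result<Vec<(usize, u64)>> {
    // Carrying (longest needle - 1) bytes is enough to catch boundary-spanning matches.
    let carry_len = needles.iter().map(Vec::len).max().unwrap_or(1).saturating_sub(1);
    let (mut hay, mut buf) = (Vec::<u8>::new(), vec![0u8; chunk]);
    let mut base = 0u64; // absolute image offset of hay[0]
    let mut hits = Vec::new();
    loop {
        let n = src.read(&mut buf)?;
        if n == 0 { return Ok(hits); }
        let carried = hay.len();
        hay.extend_from_slice(&buf[..n]);
        for (i, needle) in needles.iter().enumerate() {
            if needle.is_empty() { continue; }
            // Windows wholly inside the carried tail were already checked last round.
            let first = carried.saturating_sub(needle.len() - 1);
            for (pos, w) in hay.windows(needle.len()).enumerate().skip(first) {
                if w == needle.as_slice() {
                    hits.push((i, base + pos as u64));
                }
            }
        }
        // Keep only the tail, and advance `base` by exactly the bytes dropped.
        let dropped = hay.len().saturating_sub(carry_len);
        hay.drain(..dropped);
        base += dropped as u64;
    }
}

/// Constructed sample image: needle 0 at offset 10, needle 1 ("word") at offset 27.
pub fn sample() -> (Vec<u8>, Vec<Vec<u8>>) {
    let n0 = parse_hex("48 65 6c 6c 6f ff ff ff ff ff ff ff").unwrap();
    let parts: [&[u8]; 5] = [&[0u8; 10], &n0, &[0u8; 5], b"word", &[0u8; 3]];
    let image = parts.concat();
    (image, vec![n0, b"word".to_vec()])
}

fn main() -> io::Result<()> {
    let (image, needles) = sample();
    println!("{:?}", search_stream(Cursor::new(image), &needles, 8)?);
    Ok(())
}
```

With an 8-byte chunk the first needle straddles a read boundary, so the reported offsets are only correct if the base is shifted together with the carried bytes.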
Commit count: 11

cargo fmt