You might also like BinText from Foundstone... see http://www.foundstone.com/rdlabs/tools.php?category=Forensic it will find ASCII, UNICODE, and Resource Strings in files Runs on WinNT/2K/XP systems in a window... Works on all file types. As a test I run it on itself... msh --------------------------------------------------------- Michael S Hines | Phone 765-494-5875 Purdue University | FAX 765-496-1380 Management Information | Email mshinesat_private OS/390 Systems Programmer | Certifications: 1061 Freehafer Hall | CIA, CISA, CFE, CDP West Lafayette, IN 47907-1061 | -----Original Message----- From: crazybarryat_private [mailto:crazybarryat_private] Sent: Wednesday, September 19, 2001 9:11 AM To: forensicsat_private Subject: Re: Forensics on Word Documents Just downloaded Strings from sysinternals. Very cool :) But I do have a question about it.... Although it gives me lots of information about the file there still seems to be lots of information missing. Such as the actual text of the document. Also, I believe that the printer that the document was defaulted to print to is also included as part of the document. So question is....where's the rest of the stuff?? Thanks, Barry Jonathan Bloomquist writes: > i agree - strings is also available for win32 from > sysinternals: > > http://www.sysinternals.com/ntw2k/source/misc.shtml > > --- jamie rishaw <jamieat_private> wrote: > > running it through UNIX 'strings' is always one of > > the first things I > > do to any document or file that I don't know of -- > > it's invaluable in > > a lot of things.. > > > > jamie > > > > On Fri, Sep 14, 2001 at 03:57:56PM +1000, Nicole > > Haywood wrote: > > > I've got to do a comparison on a couple of > > versions of word documents to try to determine which > > was created first etc. > > > > > > Is there anything any one can suggest I look at in > > a word document other than creation date and > > revisions etc. > > > > > > Thanks, > > > > > > Nicole > > > __________________________________________________ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > CFE, MCSE, MCP+Internet ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 10:51:59 PDT