Tuesday, September 29, 2009

Strings replacement for windows

Sometimes a simple utility like Unix strings can be very helpful in the forensics process. Strings is a tool for Windows, developed by Mark Russinovich, that scans executables or object files for ASCII or UNICODE strings. It accepts wildcard file names and can be used in conjunction with other tools like findstr.


Ex:
      strings prog123.exe | findstr -i name > OUT


Another useful parameter is '-n', which returns only strings of at least a given length. The flags -a and -u restrict the scan to ASCII or UNICODE strings respectively. Strings can scan both files and folders.


Using strings


Usage: strings.exe [-a] [-b bytes] [-n length] [-o] [-q] [-s] [-u]
Strings takes wild-card expressions for file names, and additional command line parameters are defined as follows:
-s          Recurse subdirectories.
-o          Print offset in file string is located.
-a          Scan for ASCII only.
-u          Scan for UNICODE only.
-b bytes    Bytes of file to scan.
-n X        Strings must be a minimum of X characters in length.

To search one or more files for the presence of a particular string using strings, use a command like this:
strings * | findstr /i TextToSearchFor
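To show why the -a/-u distinction matters when triaging Windows binaries, here is an added Python example (not from the original post and not the Sysinternals implementation) that extracts ASCII and UTF-16LE strings with offsets and a minimum length, then filters them case-insensitively like `findstr /i`. The names `extract_strings` and `find`, the default minimum length, and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import re

PRINTABLE = rb"[\x20-\x7e]"  # printable 7-bit characters, space through tilde


def extract_strings(data, min_len=3, ascii_only=False, unicode_only=False):
    """Return sorted (offset, encoding, text) tuples for printable runs in data.

    min_len=3 is this example's default, not a claim about the real tool.
    """
    results = []
    if not unicode_only:
        # ASCII: min_len or more consecutive printable bytes.
        for m in re.finditer(PRINTABLE + b"{%d,}" % min_len, data):
            results.append((m.start(), "ascii", m.group().decode("ascii")))
    if not ascii_only:
        # UTF-16LE (Windows "UNICODE"): each printable byte is followed by 0x00,
        # so an ASCII-only scan sees these as isolated single characters.
        wide = b"(?:" + PRINTABLE + rb"\x00){%d,}" % min_len
        for m in re.finditer(wide, data):
            results.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(results)


def find(results, needle):
    """Case-insensitive filter over extracted strings, like `findstr /i`."""
    needle = needle.lower()
    return [r for r in results if needle in r[2].lower()]


# Constructed sample bytes (not a real executable): a header fragment,
# one narrow string, one wide string, and a run too short to report.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"GetUserNameA\x00"
    + b"\x01\x02"
    + "UserName=%s".encode("utf-16-le")
    + b"\x00\x00"
    + b"ab\x00"
)

if __name__ == "__main__":
    for offset, encoding, text in find(extract_strings(SAMPLE), "name"):
        print(f"{offset:6d}  {encoding:8s}  {text}")
```

Restricting the scan to ASCII here would miss the wide `UserName=%s` format string entirely, which is why both encodings are scanned unless -a or -u is given.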
