#DFIR Tip! The -A, -B and -C flags to grep are *VERY* handy when searching strings files. With -A <#> it will show you # lines after a hit on your search pattern; -B <#> shows # lines before; -C <#>, which stands for context, will show # lines before & after.
Replying to @attrc
“vol.py ... malfind | grep -B4 MZ | grep Process” is one of my faves for quickly pulling out processes with injected PE sections

Jan 10, 2020 · 1:22 AM UTC

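The grep context flags from the first tweet and the `grep -B4 MZ | grep Process` trick from the reply above, shown together on constructed input as an added example (this is not code from either tweet). Both sample inputs are made up for the demonstration: a short strings-style listing, and a malfind-style block whose layout only approximates Volatility 2's header lines; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of what a "strings" dump of a memory region might contain
# (made-up lines, not taken from any real image).
SAMPLE_STRINGS='kernel32.dll
GetProcAddress
LoadLibraryA
http://example.invalid/update
VirtualAlloc
WriteProcessMemory
CreateRemoteThread'

# -A <n>: the hit plus n lines after it.
context_after()  { printf '%s\n' "$SAMPLE_STRINGS" | grep -A 2 'LoadLibraryA'; }
# -B <n>: n lines before the hit, then the hit.
context_before() { printf '%s\n' "$SAMPLE_STRINGS" | grep -B 1 'LoadLibraryA'; }
# -C <n>: n lines on each side ("context").
context_both()   { printf '%s\n' "$SAMPLE_STRINGS" | grep -C 1 'LoadLibraryA'; }

# Constructed malfind-style output. The "Process:" header sits exactly four
# lines above the first hex-dump line, which is what makes -B4 land on it.
# Only the first region begins with a PE header (4d 5a = "MZ").
MALFIND_OUT='Process: explorer.exe Pid: 1234 Address: 0x2a0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x002a0000  4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00   MZ..............
...
Process: svchost.exe Pid: 800 Address: 0x1b0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x001b0000  48 83 ec 28 e8 00 00 00 00 48 8b 04 24 48 83 c4   H..(.....H..H..'

# The reply's pipeline: keep 4 lines before every "MZ" hit, then keep only
# the Process header lines. Result: processes whose flagged region starts
# with a PE header.
injected_pe_processes() {
    printf '%s\n' "$MALFIND_OUT" | grep -B4 'MZ' | grep 'Process'
}

# Run stand-alone: prints the single process with an injected PE section.
injected_pe_processes
```

The -B4 depends on the header always being exactly four lines above the hex line that contains "MZ"; a region whose MZ appears further into the dump, or a differently formatted header, would be missed, so widen the window (or grep on the raw `4d 5a` bytes) if the output layout differs.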
Replying to @hal_pomeranz
Nice! You probably know, but you can also do “malfind -D <directory>” then run the file command on all the extracted regions. AV will freak out on known malware though since it’s being written to disk :)