Example 1
Get the hex value of a string:
"pancake" | format-hex -StringEncoding ASCII
"pancake" | format-hex -StringEncoding ASCII -hideheader -hideaddress -hideascii
get-content .\file.txt | format-hex -StringEncoding ASCII
etc.
Example 2
Get the hex value of a binary file:
get-content image1.jpg | format-hex
get-content image1.jpg | format-hex -hideASCII -hideheader -hideaddress
(get-content image1.jpg | format-hex -hideASCII -hideheader -hideaddress) -replace(' 00','')
etc.
Make a simple report
It can be very handy to make a simple report of the files in a folder. I use a foreach loop for this:
foreach ($i in dir) {
$i; get-content $i | format-hex -count 8 -hideaddress
}
Store it in a report like this:
$a = foreach ($i in dir) {
$i; get-content $i | format-hex -count 8 -hideaddress
}
$a | out-file c:\reports\report1.txt
Use it as a simple forensic tool
As you can see in the foreach loop above, it's now easy to use PowerShell as a simple forensic tool. You can get a list of all JPG files in a folder (including those with a wrong file extension!):
foreach ($i in dir) {
$i; get-content $i | format-hex -count 8 -hideaddress | where-object {$_ -match "FF 00 D8 00"}
}
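The same idea, as an added example that is not from the original post: read the first bytes of each file as raw bytes (rather than piping text through get-content) and flag every file whose signature disagrees with its extension. The function names, the short signature table and the sample files are assumptions made up for this illustration.

```powershell
# Added example: compare each file's leading bytes with its extension.
# Small table of well-known signatures, written the way BitConverter prints bytes.
$Signatures = [ordered]@{
    'FF-D8-FF'                = '.jpg'   # JPEG start-of-image marker
    '89-50-4E-47-0D-0A-1A-0A' = '.png'   # PNG header
    '25-50-44-46'             = '.pdf'   # "%PDF"
    '4D-5A'                   = '.exe'   # "MZ" executable header
}

function Get-FileSignature {
    param([Parameter(Mandatory)][string]$Path, [int]$Count = 8)
    # Read raw bytes so that no text decoding changes the values.
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buffer = New-Object byte[] $Count
        $read = $stream.Read($buffer, 0, $Count)
    } finally { $stream.Dispose() }
    [System.BitConverter]::ToString($buffer, 0, $read)
}

function Test-FolderSignature {
    param([string]$Folder = '.')
    foreach ($file in Get-ChildItem -LiteralPath $Folder -File) {
        $hex = Get-FileSignature -Path $file.FullName
        $detected = $null
        foreach ($sig in $Signatures.Keys) {
            if ($hex.StartsWith($sig)) { $detected = $Signatures[$sig]; break }
        }
        $ext = $file.Extension.ToLowerInvariant()
        if ($ext -eq '.jpeg') { $ext = '.jpg' }
        # Only extensions present in the table count as a claimed type.
        $claimed = if ($Signatures.Values -contains $ext) { $ext } else { $null }
        [pscustomobject]@{
            Name         = $file.Name
            FirstBytes   = $hex
            DetectedType = $detected
            Mismatch     = ($detected -ne $claimed)
        }
    }
}

# Constructed sample input: a JPEG header saved as .txt and plain text saved as .jpg.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'sigcheck-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$jpegHeader = [byte[]](0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46)
[System.IO.File]::WriteAllBytes((Join-Path $demo 'notes.txt'), $jpegHeader)
[System.IO.File]::WriteAllBytes((Join-Path $demo 'photo.jpg'), [System.Text.Encoding]::ASCII.GetBytes('pancake!'))
Test-FolderSignature -Folder $demo | Format-Table -AutoSize
```

Both sample files are reported with Mismatch set to True: notes.txt carries a JPEG signature, and photo.jpg does not.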