Didier Stevens

Wednesday 17 September 2014

FileScanner.exe Part 3

Filed under: My Software — Didier Stevens @ 0:00

FileScanner.exe is a new Windows tool I developed. Read part 1 and part 2 for more info.


To let you choose the files filescanner will scan, you can provide the following arguments: filename, @filename, folder and ?f:.

Filename and folder are self-descriptive. When you pass argument @filename, filename is a textfile that contains filenames to scan. ?f: stands for all fixed drives on the machine, for example: C:\ D:\.

You can provide more than one argument. To scan the subfolders of a folder you provided, use option -s.

By default, FileScanner provides the following information for scanned files:

20140902 225258

With option -f, files are completely read and the following information is provided:


You can have CSV output with option -v.

To write the output to a file, use option -o and provide a filename. Option -O also writes the output to a filename, this filename is automatically generated: FileScanner-HOSTNAME-DATE-TIME.csv. Option -c lets you specify a folder to where the output file is copied when FileScanner finishes. This can be a UNC share to centralize all reports when you run FileScanner on several machines in parallel.

Option -l follows links.

Use option -r to specify a single rule and -a or -A to specify a textfile with rules.

Blog at WordPress.com.