Didier Stevens

Sunday 29 January 2017

Update: FileScanner Version 0.0.0.4

Filed under: My Software,Update — Didier Stevens @ 0:00

I released this new version of FileScanner at the end of 2015, but forgot to announce it here on my blog.

This new version also scans Alternate Data Streams.

FileScanner_V0_0_0_4.zip (https)
MD5: 4BB8F475328B9EB214E6B9405F84816E
SHA256: 5D3B1408C5D2BD17C0441D0D9D0DA565E8D690DE792971092956F4CA10D5A071

5 Comments »

  1. […] FileScanner was updated to version 0.0.0.4 (last year but only just announced), adding Alternate Data Stream scanning. Update: FileScanner Version 0.0.0.4 […]

    Pingback by Week 4 – 2017 – This Week In 4n6 — Sunday 29 January 2017 @ 11:03

  2. […] ran my filescanner on the file, and found an ADS with name […]

    Pingback by Quickpost: Dropbox & Alternate Data Streams | Didier Stevens — Monday 30 January 2017 @ 0:00

  3. […] Update: FileScanner Version 0.0.0.4 […]

    Pingback by Overview of Content Published In January | Didier Stevens — Tuesday 14 February 2017 @ 0:00

  4. So what would an example look like that searched for D0Cf11E0 at the start, and any instance of 00417474726962757400 ? This should return Office files with embedded macros, I can’t figure out the correct syntax for the search.

    Comment by Paul — Thursday 13 April 2017 @ 15:55

  5. OLE:start:D0CF11E0
    $ATTRIBUT:content:00417474726962757400
    OLE-VBA:and:OLE $ATTRIBUT

    Comment by Didier Stevens — Sunday 16 April 2017 @ 13:10


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: