Low level Disk Search

Gene Heskett gheskett at wdtv.com
Sun Jul 7 13:26:13 UTC 2013


On Sunday 07 July 2013 09:18:18 GaryT did opine:

> Does anyone know of a program that will search a Linux disk at low
> level, seeking out character strings etc.?
> 
> This is NOT the find program. I'm looking for a little routine that
> reads straight off the disk, disregards file boundaries, can't be
> bothered about the function of the file it's looking in, etc. This
> routine will start at Sector 0 and just read characters, looking for a
> particular string match.
> 
> There are plenty that operate under Windows, I've used them over the
> years, but finding similar software to operate under Linux is not an
> easy task. It seems most people can't see anywhere past GREP, or FIND.
> 
> Much appreciate any help
> GT

Au contraire! Piece of cake even.  'dd' is the raw disk reader.  Read the 
disk with dd and pipe that into grep.  It will take a while for a terabyte 
drive though.  The unix way is to do one function, and do it well.  If you 
need to search the output of dd, then the next function in the pipeline is 
grep.

#>dd if=/dev/sda |grep string

It will go a bit faster if you know the block/sector size of the source 
disk, historically 512 bytes, but more recently 4096.  See the dd man page 
for the bs option.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
My views 
<http://www.armchairpatriot.com/What%20Has%20America%20Become.shtml>
The most important design issue... is the fact that Linux is supposed to
be fun...
		-- Linus Torvalds at the First Dutch International 
Symposium on Linux
A pen in the hand of this president is far more
dangerous than 200 million guns in the hands of
         law-abiding citizens.
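
An added example (not part of the original message) that extends the dd-into-grep pipeline from the reply so it reports where each hit lies. On binary input, GNU grep without `-a` only prints "Binary file (standard input) matches"; `-a -b -o` makes it print the byte offset of every match, which the script converts to a sector number. The function names `raw_search` and `make_demo_image`, the search string and the temporary image are constructed for this example; GNU grep is assumed.

```shell
#!/bin/sh
# raw_search SOURCE STRING [SECTOR_SIZE]
# SOURCE is a block device (reading one usually needs root) or an image file.
# The source is only read, never written.
raw_search() {
    src=$1
    needle=$2
    sector=${3:-512}
    # Read in blocks that are a multiple of the sector size (dd's bs option).
    # -a: treat binary as text   -b: print byte offset
    # -o: print only the match   -F: fixed string, not a regex
    # LC_ALL=C keeps grep from stumbling over invalid multibyte sequences.
    dd if="$src" bs=$((sector * 128)) 2>/dev/null |
        LC_ALL=C grep -a -b -o -F -e "$needle" |
        while IFS=: read -r offset rest; do
            echo "offset=$offset sector=$((offset / sector))"
        done
}

# Build a constructed 8-sector test image (all zeros) with the string
# "SECRET" written at byte 1534, so it straddles the sector 2/3 boundary.
make_demo_image() {
    dd if=/dev/zero of="$1" bs=512 count=8 2>/dev/null
    printf 'SECRET' | dd of="$1" bs=1 seek=1534 conv=notrunc 2>/dev/null
}

# Demo run against the constructed image instead of a real disk.
demo_img=$(mktemp)
make_demo_image "$demo_img"
raw_search "$demo_img" 'SECRET' 512
rm -f "$demo_img"
```

grep works line by line, so a long stretch of disk with no newline byte is held in memory as one "line"; on large drives, searching a range at a time with dd's `skip` and `count` options keeps that bounded.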



