Strings comes preinstalled on many Linux distributions. For Windows, a standalone executable for string searches is available at https://docs.microsoft.com/en-us/sysinternals/downloads/strings. If Strings is not installed on the responder's Linux platform of choice, the following command installs it (it is part of the binutils package):
dfir@Desktop-SFARF6G~$ sudo apt install binutils
For a rather simple tool, Strings is a powerful way to search through bulk data for specific keyword-based strings. For the purposes of this book, the focus will be on extracting specific data points with the following Strings syntax:
dfir@Desktop-SFARF6G~$ strings cridex_laptop.mem | grep <Regular Expression>
In the preceding command, Strings extracts the printable strings from the cridex_laptop.mem memory image, and grep filters that output with the regular expression that follows it. The regular expression can target any data point of interest, including IP addresses, URLs, commands, and potentially scripts that have been run on the system.
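The same strings-and-grep pattern as an added example (not from the book), extended to also read 16-bit little-endian text with `strings -e l`, because plain `strings` extracts only 8-bit strings and Windows memory holds much of its text as UTF-16LE. The sample image, the host `example.test`, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): strings + grep triage for IPv4 addresses
# and URLs in a memory image. All data below is constructed sample input.

# Build a small constructed "image": binary noise, one ASCII URL, one
# UTF-16LE IP address (as Windows often stores text), one invalid dotted quad.
make_sample() {
    {
        printf '\001\002\377\376junk\000'
        printf 'GET http://example.test/gate.php HTTP/1.1\000'
        printf '\220\221\222'
        # "198.51.100.7" encoded as UTF-16LE (each character followed by NUL)
        printf '1\0009\0008\000.\0005\0001\000.\0001\0000\0000\000.\0007\000'
        printf '\000\000\377build 300.1.2.3\000'
    } > "$1"
}

# Emit printable strings of 6+ characters in both encodings. Plain `strings`
# sees only 8-bit text; `-e l` adds 16-bit little-endian strings.
all_strings() {
    strings -n 6 "$1"
    strings -n 6 -e l "$1"
}

# Dotted quads, keeping only those whose four octets are each <= 255.
extract_ips() {
    all_strings "$1" |
        grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
        sort -u
}

# http/https URLs up to the first whitespace, quote or angle bracket.
extract_urls() {
    all_strings "$1" | grep -Eo 'https?://[^[:space:]"<>]+' | sort -u
}

# Usage: sh triage.sh <memory image>
if [ "$#" -gt 0 ]; then
    echo "== IPv4 addresses =="; extract_ips "$1"
    echo "== URLs ==";           extract_urls "$1"
fi
```

On the constructed sample, the IP address is found only by the `-e l` pass, and the dotted quad `300.1.2.3` is dropped by the octet range check.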