Tag Archives: gnuplot

Visualizing binary samples, now with scripts!

Well, I have worked the stuff from my previous post into a set of scripts, just to share. For more on visualizing binary samples and why/how it works, you can refer to that post.

You can download the code here. You need to have gnuplot installed. And yes, this runs on Linux (perhaps it could run in Cygwin too, but YMMV).

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

How to use: (the output folder defaults to ./output/ )

./generate_scatterplots.sh <binaries_folder> [<output_folder>]

HTH.

Visualizing the spread of binary content

Edit: this has been worked into a set of scripts for downloading here.

One of the other weird ideas I had (which was more possible for me to implement at this stage) was to visualize the content of binary data in a way that showed its characteristics at a glance. Analyzing binary data appears to be one of the things you do a lot in DFIR work when you are faced with cryptanalysis tasks.

A couple of questions that came to mind when looking at a set of binary data were:

  1. Which offsets had relatively constant binary values?
  2. What is the range of binary values that can be observed from these offsets?

Getting some ideas from my dabbling with converting binaries into images, here’s something that I cobbled together. Please do feel free to ask questions or discuss in the comments section below.