2

How can one search a raw disk for a pattern and return its location?

The disk is not formatted, or at least, it uses a format unknown to Linux, grep and similar tools would not be useful.

A command line example would be appreciated. GUI based tool would also be fine, either Unix/Linux or Windows. Thank you.

Improve this question

1 Answer 1

Reset to default
5

Why would grep not be useful? Here is an example of grep returning the byte position of the EFI PART signature at LBA 1 (starting at 512 bytes in) and at LBA -1 (at the end of the disk):

deltik@box52 [~]$ sudo grep -a -o -b 'EFI PART' /dev/nvme0n1
512:EFI PART
41661792:EFI PART
412075976:EFI PART
412207048:EFI PART
587940832:EFI PART
512110190080:EFI PART

Explanation of grep options:

  • -a/--text – treat binary as text
  • -o/--only-matching – returns only matching results
  • -b/--byte-offset – returns the byte offset of the match in the file
Improve this answer
1
  • Splendid, I completely forgot about grep --text option. Thank you.
    – gsl
    Commented Aug 5, 2019 at 7:49

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .