Performing binary discovery

One of the important aspects of binary analysis is the ability to discover unknown binaries on a system, or to discover when a known binary has been replaced with one using the same name. There are a plethora of methods we could use, some open source, others commercial, but since the scope of this book is to focus on the tools freely available to us, we will embrace the power of the Linux Terminal. Everything in this recipe will work on both the 32-bit Ubuntu virtual machine and the 64-bit Ubuntu virtual machine we created in Chapter 1, Setting Up the Lab. Feel free to use either virtual machine to complete this recipe and future recipes in this chapter.

In this recipe, we will employ the following tools to perform binary discovery on our systems. I want to reiterate that this is by no means a complete list. We will cover all of these tools in depth in Chapter 5, Linux Tools for Binary Analysis:

  • find
  • file
  • ls
  • updatedb/locate
  • ps
  • Bash
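The recipe above names the tools but the page cuts off before showing them at work. The following script is an added example, not code from the book: it chains find, file, ls, sha256sum and ps into a simple baseline-and-audit workflow for the two goals stated in the introduction, finding executables you did not know about and noticing when a known name now points at different contents. The directory layout, file names and contents it creates under a temporary directory are constructed for the demonstration; the `running_executables` helper assumes a Linux `/proc` filesystem.

```shell
#!/bin/sh
# Added example (not from the book): baseline-and-diff binary discovery
# built from find, file, ls, sha256sum and ps. All paths and file contents
# created by demo_setup are constructed for this demonstration.

# list_executables DIR: regular files under DIR with any execute bit set.
list_executables() {
    find "$1" -type f -perm /111 | sort
}

# describe_binary PATH: owner, mode and mtime from ls, type from file(1)
# when it is installed (it is not part of every minimal image).
describe_binary() {
    ls -l "$1"
    if command -v file >/dev/null 2>&1; then file "$1"; fi
}

# baseline DIR OUTFILE: record "hash  path" for every executable under DIR.
# Keep OUTFILE somewhere the audited system cannot write to.
baseline() {
    list_executables "$1" | while IFS= read -r p; do sha256sum "$p"; done > "$2"
}

# audit DIR BASELINE: print one line per executable that is NEW (absent from
# the baseline) or MODIFIED (same path, different SHA-256). Silent when clean.
audit() {
    dir=$1; base=$2
    list_executables "$dir" | while IFS= read -r p; do
        cur=$(sha256sum "$p" | cut -d' ' -f1)
        old=$(awk -v f="$p" '$2 == f {print $1}' "$base")
        if [ -z "$old" ]; then
            echo "NEW      $p"
        elif [ "$cur" != "$old" ]; then
            echo "MODIFIED $p"
        fi
    done
}

# running_executables: the on-disk executable of every visible process, via
# ps and /proc/PID/exe (Linux only). Pipe the result through sha256sum and
# the same awk lookup to audit what is running, not only what is installed.
running_executables() {
    ps -eo pid= | while read -r pid; do
        readlink "/proc/$pid/exe" 2>/dev/null
    done | sort -u
}

# demo_setup: build a constructed bin directory with two executables and one
# non-executable file; prints the temporary directory it created.
demo_setup() {
    d=$(mktemp -d)
    mkdir -p "$d/bin"
    printf '#!/bin/sh\necho hello\n' > "$d/bin/hello"
    printf '#!/bin/sh\necho goodbye\n' > "$d/bin/goodbye"
    chmod 755 "$d/bin/hello" "$d/bin/goodbye"
    printf 'not executable\n' > "$d/bin/README"
    echo "$d"
}

# demo: take a baseline, then change the tree the way an incident would
# (one known name with new contents, one executable that was not there
# before) and print what audit reports. Details of the changed file go to
# stderr so stdout stays machine-readable.
demo() {
    d=$(demo_setup)
    baseline "$d/bin" "$d/baseline.sha256"
    printf '#!/bin/sh\necho hello\necho extra-behaviour\n' > "$d/bin/hello"
    printf '#!/bin/sh\necho new\n' > "$d/bin/extra"
    chmod 755 "$d/bin/extra"
    describe_binary "$d/bin/hello" >&2
    audit "$d/bin" "$d/baseline.sha256"
    rm -rf "$d"
}

demo
```

Running the script prints `NEW      .../bin/extra` and `MODIFIED .../bin/hello`; `goodbye` and the non-executable `README` are not reported. The awk lookup matches the full path exactly, so a binary moved to another directory shows up as NEW rather than being silently accepted; for real use, generate the baseline on a known-good image and store it off-box, since a baseline the attacker can rewrite proves nothing.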