How it works...

In steps 1 and 2, we run the file command with the --help argument and then view the man page for file, respectively. This is always a good place to start if you're unfamiliar with a tool's arguments. As many times as I've used various tools and commands on Linux, I still find myself referencing a tool's man page or help menu. There is no shame in looking something up when we can't remember a command's arguments; instead of guessing what a particular argument does, we save ourselves time by looking it up.

In step 3, we start by issuing the file command without any arguments against our example binary. We should already be familiar with the output of running file this way. Next, we use the -i argument to the file command, which displays the mime type and mime encoding of the binary. As you may recall, this argument was used along with grep and find during the discovery phase of the methodology we learned in the previous chapter. The next argument we pass to the file command is -p, which tells file not to change the date on which the binary was last accessed. In other words, if our operating system keeps track of when files were last accessed, this argument preserves the current access time rather than updating it after parsing the binary. This is useful in scenarios where you do not want your inspection to leave a trace in the file's timestamps. Notice that we also pass the -i argument again so that the output is formatted with the mime type and mime encoding information.

Next, we issue the --mime-type argument, which displays only the file name and the mime type. In our case, ch05-example has an application/x-executable mime type. On the next line, we issue the --mime-encoding argument to file; this outputs only the file name along with its mime encoding, which in our case is binary. The final arguments we provide to the file command are rather lengthy, but I wanted to highlight some of the configurability of this command. In this command, we override the default values of the indir, name, elf_notes, elf_phnum, and elf_shnum parameters. Refer to the man page for file for an explanation of what each parameter controls.
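To make the mime output and the ELF-related parameters concrete, here is an added Python example (not code from the book) that classifies a byte string roughly the way `file --mime-type` and `file -i` do for an ELF header, and applies caps like the elf_phnum and elf_shnum parameters (which file sets with its -P option). The limit values and the constructed sample header are assumptions for this example; check `man file` on your version for the real defaults.

```python
import struct

# Caps mirroring two of file's -P parameters (elf_phnum, elf_shnum).
# The numbers are this example's assumptions, not file's documented defaults.
LIMITS = {"elf_phnum": 2048, "elf_shnum": 32768}

ELF_MAGIC = b"\x7fELF"
# e_type values (ET_REL, ET_EXEC, ET_DYN, ET_CORE) and the mime types file reports.
MIME_BY_TYPE = {1: "application/x-object", 2: "application/x-executable",
                3: "application/x-sharedlib", 4: "application/x-coredump"}


def elf_mime(data, limits=LIMITS):
    """Return (mime_type, encoding, note) for raw file bytes, roughly as
    `file --mime-type` / `file --mime-encoding` would for an ELF header."""
    if not data.startswith(ELF_MAGIC):
        return "application/octet-stream", "binary", "not an ELF file"
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "application/octet-stream", "binary", "bad ELF ident"
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: e_type e_machine e_version e_entry e_phoff e_shoff
    # e_flags e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    fmt = endian + ("HHIQQQIHHHHHH" if ei_class == 2 else "HHIIIIIHHHHHH")
    end = 16 + struct.calcsize(fmt)
    if len(data) < end:
        return "application/octet-stream", "binary", "truncated ELF header"
    f = struct.unpack(fmt, data[16:end])
    e_type, e_phnum, e_shnum = f[0], f[9], f[11]
    mime = MIME_BY_TYPE.get(e_type, "application/octet-stream")
    # These counts are what elf_phnum / elf_shnum cap: a header claiming more
    # program or section headers than the cap is flagged instead of walked.
    if e_phnum > limits["elf_phnum"]:
        return mime, "binary", "e_phnum %d exceeds elf_phnum limit" % e_phnum
    if e_shnum > limits["elf_shnum"]:
        return mime, "binary", "e_shnum %d exceeds elf_shnum limit" % e_shnum
    return mime, "binary", "ok"


def mime_line(name, data):
    """Format one line the way `file -i` does: 'name: type; charset=encoding'."""
    mime, enc, _ = elf_mime(data)
    return "%s: %s; charset=%s" % (name, mime, enc)


def make_elf64_header(e_type, e_phnum, e_shnum):
    """Constructed 64-byte little-endian ELF64 x86-64 header used as sample input."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8
    return ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x401000,
                               64, 0, 0, 64, 56, e_phnum, 64, e_shnum, 0)
```

Running `mime_line("ch05-example", make_elf64_header(2, 4, 10))` yields the same shape of line as the -i output discussed above; lowering the limits passed to `elf_mime` shows how an oversized header count is reported instead of parsed.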
