From 37b7224646b243a5875a0a64b520c3fa6bcd2e85 Mon Sep 17 00:00:00 2001
From: Eric Conrad <git@zez.me>
Date: Thu, 7 Sep 2017 16:25:09 -0400
Subject: [PATCH] Update DeepWhite.md

---
 DeepWhite.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/DeepWhite.md b/DeepWhite.md
index 420acc2..bde4685 100644
--- a/DeepWhite.md
+++ b/DeepWhite.md
@@ -32,9 +32,10 @@ hashdeep.exe -r / -c md5,sha1,sha56 > raw-hashes.csv
 Note that hashdeep, etc., has a dumb recursive design (from the manpage):
 
 > Enables recursive mode. All subdirectories are traversed. Please note that recursive mode cannot be used to examine all files of a given file extension. For example, calling hashdeep -r *.txt will examine all files in directories that end in .txt. Move file to Unix/Linux, remove Windows carriage returns, grab EXEs and DLLs, make CSV.
-:
+
+On Linux/Unix: take the raw CSV, remove the carriage returns, select DLLs, EXEs and SYS files, grab the 2nd field to the end, and create a new whitelist:
 ```
-cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$" | cut -d, -f2- > win10-x64.csv
+cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$|\.sys" | cut -d, -f2- > file-whitelist.csv
 ```
 
 Add this entry to the first line of the file (only sha256 and path are currently needed)