7-Zip

Overview

7-Zip is a powerful, open-source file archiver that provides high compression ratios and strong encryption. The p7zip command-line version is available on Linux and macOS, while 7-Zip GUI runs natively on Windows. It supports multiple formats including its native 7z format, ZIP, GZIP, BZIP2, TAR, XZ, and WIM. Commonly used in forensic analysis, system administration, and incident response for handling compressed archives.

Installation

Linux (Debian/Ubuntu)

sudo apt-get update
sudo apt-get install p7zip-full
7za --version  # Verify installation

Linux (RHEL/CentOS/Fedora)

sudo yum install p7zip p7zip-plugins
# Or on newer systems
sudo dnf install p7zip p7zip-plugins

macOS

brew install p7zip
7za --version

Windows

Download the installer from https://www.7-zip.org/ or use package manager:

# Using Chocolatey
choco install 7zip

# Using Scoop
scoop install 7zip

Command Syntax

Basic Structure

7za <command> [options] <archive> [files]

The primary commands are:

• a — Add files to archive
• e — Extract files (preserves paths)
• x — Extract files (ignores paths)
• l — List archive contents
• d — Delete files from archive
• u — Update files in archive
• t — Test archive integrity

Creating Archives

Basic Archive Creation

# Create 7z archive (maximum compression)
7za a archive.7z file1.txt file2.txt

# Create ZIP archive
7za a archive.zip file1.txt

# Create TAR archive
7za a archive.tar file1.txt

# Create compressed TAR (TAR.GZ)
7za a archive.tar.gz file1.txt

Recursive Directory Archiving

# Archive entire directory
7za a -r archive.7z /path/to/directory

# Archive with specific filter
7za a -r archive.7z /path/to/directory -x\!*.log

Compression Level Options

# Ultra compression (slowest, best ratio)
7za a -mx=9 archive.7z data/

# Maximum compression
7za a -mx=7 archive.7z data/

# Normal compression (default)
7za a -mx=5 archive.7z data/

# Fast compression
7za a -mx=3 archive.7z data/

# Very fast compression
7za a -mx=1 archive.7z data/

Solid Archives

# Create solid archive for better compression ratio
7za a -ms=on archive.7z directory/

# Disable solid mode
7za a -ms=off archive.7z directory/

Encryption and Password Protection

AES-256 Encryption

# Add files with AES-256 encryption (7z format only)
7za a -p password -mhe=on archive.7z confidential/

# Encrypt with secure password prompt
7za a -mhe=on archive.7z directory/
# Will prompt: Enter password:

# Double password for extra security
7za a -p -mhe=on archive.7z directory/

ZIP Password Protection

# ZIP with password (WinZip-compatible AES-256)
7za a -p password archive.zip sensitive_files/

# ZIP with legacy encryption (older compatibility)
7za a -pPassword archive.zip files/

Password Options

Option	Description
-pPassword	Set password directly (not recommended)
-p	Prompt for password interactively
-mhe=on	Hide file list (7z format only)
-mhe=off	Standard encryption without list hiding

Extracting Archives

Basic Extraction

# Extract 7z archive
7za e archive.7z

# Extract and recreate directory structure
7za x archive.7z

# Extract to specific directory
7za x archive.7z -o/path/to/extract/

# Extract without directory structure
7za e archive.7z -ooutput_folder/

Password-Protected Extraction

# Extract with password
7za x -p password archive.7z

# Extract with password prompt
7za x archive.7z
# Will prompt: Enter password:

# Extract specific files
7za x archive.7z -p password file1.txt file2.txt

Selective Extraction

# Extract only certain file types
7za x archive.7z *.txt

# Extract files matching pattern
7za x archive.7z "*.log" -o/logs/

# Extract excluding certain files
7za x archive.7z -x\!*.tmp

Listing Archive Contents

Basic Listing

# List all files in archive
7za l archive.7z

# List with detailed information
7za l -slt archive.7z

# List specific format
7za l archive.zip

Detailed Output

# Show compression ratio
7za l -ppassword archive.7z

# List encrypted archive
7za l archive.7z -p password

# Show only filenames
7za l archive.7z | grep -E "^-"

Archive Verification and Testing

Integrity Testing

# Test archive integrity
7za t archive.7z

# Test encrypted archive
7za t archive.7z -p password

# Test with verbose output
7za t -v archive.7z

# Test all archives in directory
for file in *.7z; do 7za t "$file"; done

Repair Operations

# Repair corrupted archive (limited capability)
7za x -aoa archive.7z

# Create recovery record before issues arise
7za a -rr3p archive.7z directory/

Archive Splitting

Split Large Archives

# Split archive into 100MB volumes
7za a -v100m archive.7z largefile.iso

# Split into 50MB volumes
7za a -v50m backup.7z /data/

# Split into 1GB volumes
7za a -v1g huge_backup.7z directory/

# Split with custom size
7za a -v2097152k archive.7z directory/  # 2GB volumes

Extracting Split Archives

# Extract first volume (others detected automatically)
7za x archive.7z.001

# Extract with verification
7za x -v archive.7z.001 -o/extract/path/

Excluding and Including Files

Exclusion Patterns

# Exclude specific file type
7za a -r archive.7z /source/ -x\!*.tmp

# Exclude multiple patterns
7za a -r archive.7z /source/ -x\!*.log -x\!*.cache

# Exclude hidden files (Linux)
7za a -r archive.7z /source/ -x\!.*

# Exclude directories
7za a -r archive.7z /source/ -x\!temp -x\!*.tmp

Inclusion Patterns

# Archive only specific types
7za a archive.7z -r /source/ *.txt *.doc

# Multiple inclusion patterns
7za a archive.7z /source/ -i\!*.pdf -i\!*.xlsx

Pipe Operations

Compression via Pipes

# Compress directory on-the-fly
tar -cf - directory/ | 7za a -si archive.tar.7z

# Compress stdin
echo "data" | 7za a -si stdin.7z

# Compress from process
mysqldump database | 7za a -si database_backup.7z

Decompression via Pipes

# Extract and pipe to stdout
7za x -so archive.7z file.txt | cat

# Extract to process
7za x -so archive.7z script.sh | bash

# Extract and decompress further
7za x -so archive.7z backup.tar.gz | tar -xzf -

Performance Tuning

Memory and Threading

# Use multiple threads (default: auto-detect)
7za a -mmt=4 archive.7z directory/

# Single-threaded (lower memory usage)
7za a -mmt=1 archive.7z directory/

# Maximum threads (system-dependent)
7za a -mmt=on archive.7z directory/

Compression Algorithms

# LZMA2 with specific dictionary size
7za a -md=32m archive.7z directory/

# Smaller dictionary (faster, less compression)
7za a -md=4m archive.7z directory/

# Large dictionary (slower, better compression)
7za a -md=128m archive.7z directory/

Forensic Use Cases

Forensic Evidence Preservation

# Create read-only archive with timestamps preserved
7za a -mta=on -mtc=on -mtp=on evidence.7z /evidence/path/

# Archive with recovery record for integrity verification
7za a -rr10p -v650m evidence.7z /evidence/directory/

# Password-protect forensic data with encryption
7za a -p ForensicPassword -mhe=on evidence.7z /evidence/

Chain of Custody

# Verify archive hasn't been modified
7za t -v evidence.7z > chain_of_custody.log

# Compare hashes after extraction
sha256sum file_before > hash_before.txt
7za x evidence.7z
sha256sum extracted_file > hash_after.txt
diff hash_before.txt hash_after.txt

Memory Dump Analysis

# Archive large memory dumps with maximum compression
7za a -mx=9 -md=192m memdump.7z memory.bin

# Split for storage/transfer
7za a -mx=9 -v700m memdump.7z memory.bin

# Extract with verification
7za x -t memdump.7z.001

Advanced Options Reference

Option	Description
-a	Add files to archive
-d	Delete files from archive
-e	Extract files without paths
-x	Extract with directory structure
-l	List archive contents
-t	Test archive integrity
-p[password]	Set password
-mx=9	Set compression level (1-9)
-md=32m	Dictionary size
-mmt=4	Thread count
-r	Recurse subdirectories
-v100m	Create 100MB volumes
-mhe=on	Hide encrypted file list
-mta=on	Preserve access time
-mtc=on	Preserve creation time
-mtp=on	Preserve modification time
-so	Extract to stdout
-si	Read from stdin
-aoa	Overwrite all files
-aos	Skip files if exist
-aou	Auto-rename if exists

Common Workflows

Full System Backup

# Create encrypted full backup
7za a -p MyPassword -mx=5 -mhe=on backup_$(date +%Y%m%d).7z \
  /home/ /etc/ /opt/ \
  -x\!.cache -x\!.tmp -x\!*.log

# Verify backup
7za t -p MyPassword backup_$(date +%Y%m%d).7z

Multi-Volume Archive

# Split into DVD-sized volumes
7za a -v4700m -mx=7 data.7z /large/directory/

# Extract from any volume
7za x data.7z.001

Secure Data Disposal

# Archive and encrypt before deletion
7za a -mhe=on -p SecurePassword confidential.7z sensitive_files/
shred -vfz -n 3 sensitive_files/*
rm -rf sensitive_files/

Troubleshooting

Common Issues

Issue	Solution
Archive corrupted	Use 7za t to test, then 7za x -aoa to recover
Out of memory	Reduce -md value or use -mmt=1
Permission denied	Use sudo or check file permissions
Wrong password	Verify with 7za l -ppassword archive.7z first
Format not recognized	Ensure correct command for file type

Memory and Performance

# Low-memory systems
7za a -mx=1 -md=2m -mmt=1 archive.7z files/

# High-performance systems
7za a -mx=9 -md=256m -mmt=on archive.7z files/

# Check compression statistics
7za l -slt archive.7z | grep -E "Compressed|Uncompressed"

Additional Resources

• Official documentation: https://www.7-zip.org/
• p7zip project: http://p7zip.sourceforge.net/
• Compression ratio comparisons across formats available in man pages
• For Windows GUI documentation, consult 7-Zip help menu