Last week my friend told me that she made a terrible mistake. She conducted raw serch and found no search hits within M$ docx files. She did not know what's wrong in the first place until her clients told her that some words actually exist in those docx files...She exported those docx files and examine them very carefully. Yes she found those wors exactly the same with keywords.

She asked me what's going on with EnCase raw search. Why no search hits in docx files...I show her how to conduct raw search on compound files as below:

1. Run EnScript: File-Mounter so you could expand compound files

2. Choose file type: docx

3. Now you could see those docx files become volume with xml files

4. Conduct raw search and you could see search hits inside docx files now

I told her that Forensic is a strict science and she should double check the search results again to make sure she won't make any mistakes. In Court we swear that the evidence that we shall give, shall be the truth, the whole truth and nothing but the truth. I suggest her to re-examine at those evidence and forensic reports she signed in recent years, and see if any wrong with raw search in compound files.

How to search compound files的更多相关文章

  1. EnCase v7 search hits in compound files?

    I used to conduct raw search in EnCase v6, and I'd like to see if EnCase v7 raw search could hit key ...

  2. Python开发环境Wing IDE之Search in Files工具详解

    Search in Files工具是Wing IDE中最强大的搜索选项.它支持磁盘.项目,打开编辑器,或其它文件集的多文件批量搜索.它还可以使用通配符搜索,并可以做基于正则表达式的搜索/替换. 建议用 ...

  3. Everything search syntax

    Operators: space AND | OR ! NOT < > Grouping " " Search for an exact phrase. Wildcar ...

  4. Inplace Search on document libraries and lists is not working

    [http://sharepointfarmer.com/inplace-search-on-document-libraries-and-lists-is-not-working/] I ran i ...

  5. Javascript > Eclipse > problems encountered during text search

    Reproduce: Ctrl + H, Select "File Search", will encounter eclipse kinds of bug/error alert ...

  6. 42 Bing Search Engine Hacks

    42 Bing Search Engine Hacks November 13, 2010 By Ivan Remember Bing, the search engine Microsoft lau ...

  7. lucene原理及源码解析--核心类

    马云说:大家还没搞清PC时代的时候,移动互联网来了,还没搞清移动互联网的时候,大数据时代来了. 然而,我看到的是:在PC时代搞PC的,移动互联网时代搞移动互联网的,大数据时代搞大数据的,都是同一伙儿人 ...

  8. 简单编写Makefile

    相信很多朋友都有过这样的经历,看着开源项目中好几页的makefile文件,不知所云.在日常学习和工作中,也有意无意的去回避makefile,能改就不写,能用ide就用ide.其实makefile并没有 ...

  9. grep 命令过滤配置文件中的注释和空行

    grep 用法 Usage: grep [OPTION]... PATTERN [FILE]... Search for PATTERN in each FILE or standard input. ...

随机推荐

  1. python 判断内网IP方法及实例应用

    一.初衷: 一般在CMDB里会存储一台服务器的内网IP.管理IP.电信IP.联通IP,我们在使用的时候只需要拿到其中一个外网IP地址即可.那么我们就需要判断内网IP.管理IP并剔除掉,获取第一个外网I ...

  2. Linux命令(16)压缩,解压文件

    tar: 简介:tar命令只是把目录打包成一个归档(文件),并不负责压缩.在tar命令中可以带参数调用gzip或bzip2压缩.因为gzip和bzip2只能压缩单个文件. 在linux下是不需要后缀名 ...

  3. image和字节流之间的相互转换

    //将图片转化为长二进制 public Byte[] SetImgToByte(string imgPath) { FileStream file = new FileStream(imgPath, ...

  4. 解决edittext输入多行可以滑动的问题

    解决edittext输入多行可以滑动的问题  Java代码:   public class ScrollEditLayout extends ScrollView { public ScrollEdi ...

  5. Java反射机制探秘

    如何获得Class对象     1.针对每一个对象.getCalss(),可以得到对应的Class. 2.Class.forName(String),String的写法:包名.类名.就会创建包名.类名 ...

  6. dedecms v5.7 sp1 给栏目添加缩略图功能

    一.给数据库添加字段typeimg 如图:   二 . 修改 dede/catalog_add.php 找到 $in_query = "INSERT INTO `#@__arctype`(r ...

  7. jquery怎么实现跨域的访问呢?与别人提供的接口连接

    下面这个例子你可以参考下 <script> $.ajax({ async:false, url: 'http://www.mysite.com/demo.do',  // 跨域URL ty ...

  8. Lua 架构 The Lua Architecture

    转载自:http://magicpanda.net/2010/10/lua%E6%9E%B6%E6%9E%84%E6%96%87%E6%A1%A3/ Lua架构文档(翻译) 十 102010 前段时间 ...

  9. gomoblie flappy 源码分析:游戏逻辑

    本文主要讨论游戏规则逻辑,具体绘制技术请参看相关文章: gomoblie flappy 源码分析:图片素材和大小的处理 http://www.cnblogs.com/ghj1976/p/5222289 ...

  10. [SQL]SqL给局部变量赋值有两种方法

    给局部变量赋值有两种方法: .SET @variable_name=value .SELECT @variable_name=value 两者的区别:SET赋值语句一般用于赋给变量一个指定的常量,SE ...