A friend of mine said to me that she could fool those forensic tools easily by changing writing direction in text. I said to her: "Really? Are you sure...don't jump to conclusions too soon...". She showed me two screenshots as below:

1.She used Intella to do full index search:

2. She searched "烈日" and "臺北賓館", and those characters definitely exist in above file, guess what? no any hits found...

Ok Intella failed to find those Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search "bomb". Unfortunately EnCase only got 1 hit...Acutally there is more than 1 "bomb" in it.

Next we search "烈日", and EnCase find 1 hit. So EnCase is clever enough to find out those Chinese characters in vertical direction.

How about FTK? Let's search "c4", and FTK could find it out without fail.

Then we search "烈日". FTK sucessfully hits "烈日" exactly as EnCase does.

Suspect may use such tricks to try to fool forensic tools. Fortunately EnCase and FTK could search and hit those Chinese characters in vertical direction. Now she realizes why those forensic tools cost lots of money.

EnCase v.s. FTK - find out Chinese characters writing in different direction的更多相关文章

  1. Configure Amazon RDS mysql to store Chinese Characters

    Configure Amazon RDS mysql to store Chinese Characters https://dev.mysql.com/doc/refman/5.7/en/chars ...

  2. Belkasoft Evidence Center could handle Chinese characters well

    I've been using Belkasoft Evidence Center for a very long time. It could handle Chinese characters w ...

  3. How to Set Up Chinese Characters on Windows 7

    How to Change the Display Language of non-Unicode Programs in Windows http://www.7tutorials.com/chan ...

  4. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  5. Chinese culture

      文房四宝 笔墨纸砚是中国古代文人书房中必备的宝贝,被称为“文房四宝”.用笔墨书写绘画在 中国可追溯到五千年前.秦(前221---前206)时已用不同硬度的毛和竹管制笔:汉代(前206—公元220) ...

  6. IEF could not decode Chinese character in IE history well

    My friend is working on some case, and she looks not in the mood. I ask her what's going on. She wan ...

  7. (Android) Chinese Character

    Convert Chinese strings to English strings Apply pinyin4j.jar public static class ConvertChineseToPi ...

  8. Solution for automatic update of Chinese word segmentation full-text index in NEO4J

    Solution for automatic update of Chinese word segmentation full-text index in NEO4J 1. Sample data 2 ...

  9. {ICIP2014}{收录论文列表}

    This article come from HEREARS-L1: Learning Tuesday 10:30–12:30; Oral Session; Room: Leonard de Vinc ...

随机推荐

  1. c++学习-运算符重载

    重载=号运算符,由于成员属性中有指针会出现错误 #include <iostream> using namespace std; class num{ public: num(){n=;c ...

  2. 对CSS中的Position属性的一些深入探讨

    转:http://www.cnblogs.com/coffeedeveloper/p/3145790.html Position属性 Position的属性值共有四个static.relative.a ...

  3. mongodb的python接口pymongo使用

    1. 连接 from pymongo import MongoClient client = MongoClient("mongodb://mongodb0.example.net:2701 ...

  4. Wix打包相关资源

    1.自定义安装界面(WixUI_Custom.wxs) <?xml version="1.0" encoding="UTF-8"?> <Wix ...

  5. 第6章 System V消息队列

    6.1 概述 System V消息队列在内核中是list存放的,头结点中有2个指针msg_first 和msg_last.其中每个节点包含:下个节点地址的指针.类型.长度.数据等. 6.2 函数 6. ...

  6. php 循环向<select>添加选项

    在控制器内:$this->assign('data',$data);

  7. [Java] 匿名内部类

    package test.file; import java.io.File; import java.io.FilenameFilter; /** * 匿名的内部类 * @author Frost. ...

  8. testng.xml创建及解析

    项目右键---TestNG -----> Convert to TestNG 会自动产生一个testng.xml的文件 http://www.cnblogs.com/choosewang/art ...

  9. 最最基层的ajax交互代码jquery+java之间的json跨域传递以及java的json代码返回

    首先导入jar包 上面的jar包主要是用来将map或list数据转换成json字符串,传递到前台使用. 静态页面的代码:2.html <!DOCTYPE html> <html> ...

  10. ora-01036 illegal variable name number 的补充

    當使用 controlparamter 時, sql 所使用的 為 "@parameter" , 但套用到 Oracle 則會出現 "ORA-01036: illegal ...