A friend of mine said to me that she could fool those forensic tools easily by changing writing direction in text. I said to her: "Really? Are you sure...don't jump to conclusions too soon...". She showed me two screenshots as below:

1.She used Intella to do full index search:

2. She searched "烈日" and "臺北賓館", and those characters definitely exist in above file, guess what? no any hits found...

Ok Intella failed to find those Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search "bomb". Unfortunately EnCase only got 1 hit...Acutally there is more than 1 "bomb" in it.

Next we search "烈日", and EnCase find 1 hit. So EnCase is clever enough to find out those Chinese characters in vertical direction.

How about FTK? Let's search "c4", and FTK could find it out without fail.

Then we search "烈日". FTK sucessfully hits "烈日" exactly as EnCase does.

Suspect may use such tricks to try to fool forensic tools. Fortunately EnCase and FTK could search and hit those Chinese characters in vertical direction. Now she realizes why those forensic tools cost lots of money.

EnCase v.s. FTK - find out Chinese characters writing in different direction的更多相关文章

  1. Configure Amazon RDS mysql to store Chinese Characters

    Configure Amazon RDS mysql to store Chinese Characters https://dev.mysql.com/doc/refman/5.7/en/chars ...

  2. Belkasoft Evidence Center could handle Chinese characters well

    I've been using Belkasoft Evidence Center for a very long time. It could handle Chinese characters w ...

  3. How to Set Up Chinese Characters on Windows 7

    How to Change the Display Language of non-Unicode Programs in Windows http://www.7tutorials.com/chan ...

  4. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  5. Chinese culture

      文房四宝 笔墨纸砚是中国古代文人书房中必备的宝贝,被称为“文房四宝”.用笔墨书写绘画在 中国可追溯到五千年前.秦(前221---前206)时已用不同硬度的毛和竹管制笔:汉代(前206—公元220) ...

  6. IEF could not decode Chinese character in IE history well

    My friend is working on some case, and she looks not in the mood. I ask her what's going on. She wan ...

  7. (Android) Chinese Character

    Convert Chinese strings to English strings Apply pinyin4j.jar public static class ConvertChineseToPi ...

  8. Solution for automatic update of Chinese word segmentation full-text index in NEO4J

    Solution for automatic update of Chinese word segmentation full-text index in NEO4J 1. Sample data 2 ...

  9. {ICIP2014}{收录论文列表}

    This article come from HEREARS-L1: Learning Tuesday 10:30–12:30; Oral Session; Room: Leonard de Vinc ...

随机推荐

  1. JAVA赋值运算符

    赋值预算符,简单来说就是把以及定义了值的变量值赋值给刚定义的变量 例如,a学员,与b学员的成绩相同,a学员是80分,我们根据a学员的成绩,输出b学员的成绩. public class Test{ pu ...

  2. 怎么安装phpcms?PHPCMS V9安装图文教程

    Phpcms是国内领先的网站内容管理系统, 同时也是一个开源的PHP开发框架.PHPCMS V9目前已提供文章.图片.下载等内容模型,在此基础上可非常方便的扩展出信息.房产.交友.点评等功能.已有的模 ...

  3. Struts中<s:checkboxlist>的用法

    一.JSP中 ①集合为list <s:checkboxlist name="list" list="{'Java','.Net','RoR','PHP'}" ...

  4. Java中的匿名类

    我们知道接口一般用于定义一种规范或操作协议,然后子类实现接口的所有功能.如下面的简单代码: 定义IMessage接口 package org.lyk.entities; public interfac ...

  5. HTML5的动画学习历程

    一.三角学原理. function getRadio(d){//根据角度获得弧度,                return d*Math.PI/180;                }, fun ...

  6. centos设置开机自启动

    编辑 /etc/rc.d/rc.local 将要开启的服务添加到该文件即可

  7. EXT dateRange

    VTYPES: Ext.apply(Ext.form.VTypes, { daterange: function (val, field) { var date = field.parseDate(v ...

  8. Flex使用宋体渲染越南语显示错误

    本来应该显示Lưu nhóm,偏偏编译后显示Lưu nhòm.二声变成了四声,并且某些情况下,刚打开的窗口时二声的,然后变成了四声.初始以为是Flex的问题,分别使用S和mx包下的Label做实验,后 ...

  9. UI_RD协作开发流程

    1. 背景 由于android端需要进行多屏幕适配,这就给UI&RD之间的沟通产生了一些困难.我下面将会对这两种角色的沟通,说明了一下我们项目中沟通的方式和规则. 原则:客户端跟UI约定了各种 ...

  10. <iOS>other linker flags[转]

    包含静态库时候需要在Target的Other linker flags里面加上值:-objC,-all_load,-force_load 对于64位机子和iPhone OS应用 解决方法是使用-all ...