A friend of mine said to me that she could fool those forensic tools easily by changing writing direction in text. I said to her: "Really? Are you sure...don't jump to conclusions too soon...". She showed me two screenshots as below:

1.She used Intella to do full index search:

2. She searched "烈日" and "臺北賓館", and those characters definitely exist in above file, guess what? no any hits found...

Ok Intella failed to find those Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search "bomb". Unfortunately EnCase only got 1 hit...Acutally there is more than 1 "bomb" in it.

Next we search "烈日", and EnCase find 1 hit. So EnCase is clever enough to find out those Chinese characters in vertical direction.

How about FTK? Let's search "c4", and FTK could find it out without fail.

Then we search "烈日". FTK sucessfully hits "烈日" exactly as EnCase does.

Suspect may use such tricks to try to fool forensic tools. Fortunately EnCase and FTK could search and hit those Chinese characters in vertical direction. Now she realizes why those forensic tools cost lots of money.

EnCase v.s. FTK - find out Chinese characters writing in different direction的更多相关文章

  1. Configure Amazon RDS mysql to store Chinese Characters

    Configure Amazon RDS mysql to store Chinese Characters https://dev.mysql.com/doc/refman/5.7/en/chars ...

  2. Belkasoft Evidence Center could handle Chinese characters well

    I've been using Belkasoft Evidence Center for a very long time. It could handle Chinese characters w ...

  3. How to Set Up Chinese Characters on Windows 7

    How to Change the Display Language of non-Unicode Programs in Windows http://www.7tutorials.com/chan ...

  4. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  5. Chinese culture

      文房四宝 笔墨纸砚是中国古代文人书房中必备的宝贝,被称为“文房四宝”.用笔墨书写绘画在 中国可追溯到五千年前.秦(前221---前206)时已用不同硬度的毛和竹管制笔:汉代(前206—公元220) ...

  6. IEF could not decode Chinese character in IE history well

    My friend is working on some case, and she looks not in the mood. I ask her what's going on. She wan ...

  7. (Android) Chinese Character

    Convert Chinese strings to English strings Apply pinyin4j.jar public static class ConvertChineseToPi ...

  8. Solution for automatic update of Chinese word segmentation full-text index in NEO4J

    Solution for automatic update of Chinese word segmentation full-text index in NEO4J 1. Sample data 2 ...

  9. {ICIP2014}{收录论文列表}

    This article come from HEREARS-L1: Learning Tuesday 10:30–12:30; Oral Session; Room: Leonard de Vinc ...

随机推荐

  1. 图片_ _Android有效解决加载大图片时内存溢出的问题 2

    Android有效解决加载大图片时内存溢出的问题 博客分类: Android Android游戏虚拟机算法JNI 尽量不要使用setImageBitmap或 setImageResource或 Bit ...

  2. ylbtech-Unitity-cs:传递的字符串中数字字符的数目

    ylbtech-Unitity-cs:传递的字符串中数字字符的数目 1.A,效果图返回顶部   1.B,源代码返回顶部 1.B.1, using System; namespace Functions ...

  3. PHP批量替换MySql数据库中的数据内容(替换MySql数据库内容源码)

    PHP批量替换MySql数据库内容 UTF-8 1.0版 <?php //声明 //1.本源码开发意图:作者在使用一些CMS建站的时候发现很多CMS把网址写入到数据库了,如果换网址,那么就需要更 ...

  4. js实现的新闻列表垂直滚动实现详解

    js实现的新闻列表垂直滚动实现详解:新闻列表垂直滚动效果在大量的网站都有应用,有点自然是不言而喻的,首先由于网页的空间有限,使用滚动代码可以使用最小的空间提供更多的信息量,还有让网页有了动态的效果,更 ...

  5. phpStudy(lnmp)集成环境安装

    phpStudy phpStudy » PHP教程 » phpStudy for Linux (lnmp+lamp一键安装包) phpStudy for Linux (lnmp+lamp一键安装包) ...

  6. centos安装——usb安装技术问题整理

    1) 官网How tohttp://wiki.centos.org/HowTos/InstallFromUSBkey 2)我安装碰到的问题:http://www.douban.com/group/to ...

  7. rhel5 新建用户提示:the home directory already exists.

    rhel5 新建用户提示:the home directory already exists.(as4不存在这个问题) 环境如下: [oracle@rhel5 ~]$ df -hFilesystem  ...

  8. Codeforces 452D [模拟][贪心]

    题意: 给你k件衣服处理,告诉你洗衣机烘干机折叠机的数量,和它们处理一件衣服的时间,要求一件衣服在洗完之后必须立刻烘干,烘干之后必须立刻折叠,问所需的最小时间. 思路: 1.按照时间模拟 2.若洗完的 ...

  9. HTML控件-Select

    从今天开始,编写对于html控件的特性的探索文章,会广泛的引用网络的资源,所以本文的版权属于广大人民群众,欢迎转载,也同样禁止商业应用. [高手勿喷,标签页点击红色叉叉] select控件有一个特性: ...

  10. oracle 事务测试

    此文章是根据官方改变 模拟帐户转账流程 1.JOHN帐户扣除-DAVID帐户增加-记录日志-事务提交 三个操作必须全部完成此事务才完成,否则失败 创建帐户余额表自增字段自增序列:    ; 创建支票表 ...