A friend of mine said to me that she could fool those forensic tools easily by changing writing direction in text. I said to her: "Really? Are you sure...don't jump to conclusions too soon...". She showed me two screenshots as below:

1.She used Intella to do full index search:

2. She searched "烈日" and "臺北賓館", and those characters definitely exist in above file, guess what? no any hits found...

Ok Intella failed to find those Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search "bomb". Unfortunately EnCase only got 1 hit...Acutally there is more than 1 "bomb" in it.

Next we search "烈日", and EnCase find 1 hit. So EnCase is clever enough to find out those Chinese characters in vertical direction.

How about FTK? Let's search "c4", and FTK could find it out without fail.

Then we search "烈日". FTK sucessfully hits "烈日" exactly as EnCase does.

Suspect may use such tricks to try to fool forensic tools. Fortunately EnCase and FTK could search and hit those Chinese characters in vertical direction. Now she realizes why those forensic tools cost lots of money.

EnCase v.s. FTK - find out Chinese characters writing in different direction的更多相关文章

  1. Configure Amazon RDS mysql to store Chinese Characters

    Configure Amazon RDS mysql to store Chinese Characters https://dev.mysql.com/doc/refman/5.7/en/chars ...

  2. Belkasoft Evidence Center could handle Chinese characters well

    I've been using Belkasoft Evidence Center for a very long time. It could handle Chinese characters w ...

  3. How to Set Up Chinese Characters on Windows 7

    How to Change the Display Language of non-Unicode Programs in Windows http://www.7tutorials.com/chan ...

  4. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  5. Chinese culture

      文房四宝 笔墨纸砚是中国古代文人书房中必备的宝贝,被称为“文房四宝”.用笔墨书写绘画在 中国可追溯到五千年前.秦(前221---前206)时已用不同硬度的毛和竹管制笔:汉代(前206—公元220) ...

  6. IEF could not decode Chinese character in IE history well

    My friend is working on some case, and she looks not in the mood. I ask her what's going on. She wan ...

  7. (Android) Chinese Character

    Convert Chinese strings to English strings Apply pinyin4j.jar public static class ConvertChineseToPi ...

  8. Solution for automatic update of Chinese word segmentation full-text index in NEO4J

    Solution for automatic update of Chinese word segmentation full-text index in NEO4J 1. Sample data 2 ...

  9. {ICIP2014}{收录论文列表}

    This article come from HEREARS-L1: Learning Tuesday 10:30–12:30; Oral Session; Room: Leonard de Vinc ...

随机推荐

  1. ci模板布局方式

    1.修改Loader链式加载header和footer方式 参考:http://stackoverflow.com/questions/9540576/header-and-footer-in-cod ...

  2. 转--Android资源总结(环境搭建/ 反编译工具)

    在Android发展前景相当好的情况下,本人最近搜集了一些关于Android的相关资源,当然包含以前发布的博客内容,进行了一次大整合,希望对和我一样是Android的初学者管用,如在文章中有所错误,敬 ...

  3. Redis中7种集合类型应用场景&redis常用命令

    Redis常用数据类型 Redis最为常用的数据类型主要有以下五种: String Hash List Set Sorted set 在具体描述这几种数据类型之前,我们先通过一张图了解下Redis内部 ...

  4. MySQL运算符之 <=>

    问题 : 我在看以前的一个开发者的代码时看到 WHERE p.name <=> NULL 在这个查询语句中 <=>符号是什么意思啊?是不是和 =号是一样啊?还是一个语法错误啊? ...

  5. 利用Hadoop实现超大矩阵相乘之我见(一)

    前记 最近,公司一位挺优秀的总务离职,欢送宴上,她对我说“你是一位挺优秀的程序员”,刚说完,立马道歉说“对不起,我说你是程序员是不是侮辱你了?”我挺诧异,程序员现在是很低端,很被人瞧不起的工作吗?或许 ...

  6. [Java] 日期的简单处理

    package test.date; import java.text.ParseException; import java.text.SimpleDateFormat; import java.u ...

  7. [Java] 03 String获取文件后缀名,判断文件是否合法

    package test.string; import java.util.Arrays; import java.util.List; public class GetFileType { priv ...

  8. windows 修改hosts

    2222.111.1.1 ip 格式要正确,否则硬解会失败. 220.11.1.1

  9. delphi Pointer 转成string

    var  s: string;  p: pointer;  s := PChar(p);前提p指向的字符串要以#0结尾.

  10. Django session 详解-part II-session

    Django中的session是一个高级工具,它可以让用户存储个人信息以便在下次访问网站中使用这些信息.session的基础还是cookie,但是它提供了一些更加高级的功能.请看下面的一个例子: 使用 ...