My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .

I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.

It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.

Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.

What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.

I try to figure out what's going on here. Correct me if any:

1. FTK supports lots of code page including "Big5".

2. FTK could index and search lots kind of file types including "plain text file".

3. FTK supports so many kind of file systems including "FAT32".

Now my question is:

Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?

So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!

Something wrong with FTK's index search results的更多相关文章

  1. Something wrong with EnCase v8 index search results

    My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She ...

  2. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  3. Index downloads are disabled, search results may be incomplete.

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  4. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  5. Clustering and Exploring Search Results using Timeline Constructions (paper2)

    作者:Omar Alonso 会议:CIKM 2009 摘要: 截至目前(2009),通过提取文档中内嵌的时间信息来展现和聚类,这方面的工作并不多. 在这篇文章中,我们将提出一个“小插件”增添到现有的 ...

  6. Eclipse使用Maven时出现:Index downloads are disabled, search results may be incomplete.问题解决

    https://www.cnblogs.com/EasonJim/p/6674099.html 1.全局设置 [Windows]->[Preferences]->[Maven]->勾 ...

  7. 【MAVEN】搜索错误“Index downloads are disabled,search results may be incomplete”

    出现上面这个错误,需要将Maven的索引下载到本地. 应用后,在Window -> Show View -> Other -> Maven -> Maven Repositor ...

  8. solrCloud index search (图)

    结合网上的资料,抄袭了几张图,记录下. 1.solrcloud-collection/shard/replica 1.Replica.Leader是core的角色,在index.search的过程中作 ...

  9. Oracle诡异结果调查备忘 - A investigation memo of weird Oracle database search results

    最近需要维护一个差不多十多年前开发的ASP.Net程序,遇到了各种奇奇怪怪的问题,把其中比较难查明的问题记录如下: 问题一: 同样的SQL查询在不同服务器上查询结果不同.在QA环境下,结果完全正常,而 ...

随机推荐

  1. TFS使用中的问题

    http://msdn.microsoft.com/zh-cn/library/vstudio/fda2bad5.aspx 项目映射步骤(项目上传): a.新建一个空的文件夹Team Server,用 ...

  2. Java注解教程:自定义注解示例,利用反射进行解析

    Java注解能够提供代码的相关信息,同时对于所注解的代码结构又没有直接影响.在这篇教程中,我们将学习Java注解,如何编写自定义注解,注解的使用,以及如何使用反射解析注解. 注解是Java 1.5引入 ...

  3. oninput 属性

    在HTML5中,新增加了oninput属性,它和onchange 的不同就是立刻发生,而onchange 是在失去焦点的时候才发生 <script> function rangeChang ...

  4. python wechat_sdk间接性的出现错误OfficialAPIError: 40001,说access_token已过期或者不是最新的。

    原因是部署django时使用了多进程,每个进程都会去请求access_token,只有最新的那个有效

  5. mysql触发器查看

    查询触发器列表 SHOW TRIGGERS; 但是这个无法查询到没有权限的触发器,可以试试这个 select * from sym_trigger where source_table_name li ...

  6. [HDU 3689]Infinite monkey theorem (KMP+概率DP)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=3689 黄老师说得对,题目只有做wa了才会有收获,才会有提高. 题意:一个猴子敲键盘,键盘上有n个键,猴 ...

  7. 基于RDBMS的BI设计

    ================================ 都说BI,什么OLAP,什么ROLAP,MOLAP,但是如何基于RDBMS实现,基本都不怎么说. 怎么做的: 1.通过多维分析模型,存 ...

  8. Junit4

    package test.code; import static org.junit.Assert.*; import org.junit.Test; import code.MyCode; publ ...

  9. windows 开机启动(为了关闭虚拟机的那么多开机进程)

    1.阻止VMware开机时的几个进程应用 禁用系统相关服务即可! 具体操作如下:开始运行中输入msconfig,然后点击服务!这时会出现很多服务选项.点击下面的隐藏所有microsoft服务,就只剩下 ...

  10. [ CodeVS冲杯之路 ] P1165

    不充钱,你怎么AC? 题目:http://codevs.cn/problem/1165/ 题目很简单,代码最好写朴实一点,不要想着哪些情况可以合并在一起啊等等 老老实实一个个判断,不然很容易出错 细节 ...