My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .

I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.

It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.

Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.

What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.

I try to figure out what's going on here. Correct me if any:

1. FTK supports lots of code page including "Big5".

2. FTK could index and search lots kind of file types including "plain text file".

3. FTK supports so many kind of file systems including "FAT32".

Now my question is:

Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?

So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!

Something wrong with FTK's index search results的更多相关文章

  1. Something wrong with EnCase v8 index search results

    My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She ...

  2. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  3. Index downloads are disabled, search results may be incomplete.

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  4. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  5. Clustering and Exploring Search Results using Timeline Constructions (paper2)

    作者:Omar Alonso 会议:CIKM 2009 摘要: 截至目前(2009),通过提取文档中内嵌的时间信息来展现和聚类,这方面的工作并不多. 在这篇文章中,我们将提出一个“小插件”增添到现有的 ...

  6. Eclipse使用Maven时出现:Index downloads are disabled, search results may be incomplete.问题解决

    https://www.cnblogs.com/EasonJim/p/6674099.html 1.全局设置 [Windows]->[Preferences]->[Maven]->勾 ...

  7. 【MAVEN】搜索错误“Index downloads are disabled,search results may be incomplete”

    出现上面这个错误,需要将Maven的索引下载到本地. 应用后,在Window -> Show View -> Other -> Maven -> Maven Repositor ...

  8. solrCloud index search (图)

    结合网上的资料,抄袭了几张图,记录下. 1.solrcloud-collection/shard/replica 1.Replica.Leader是core的角色,在index.search的过程中作 ...

  9. Oracle诡异结果调查备忘 - A investigation memo of weird Oracle database search results

    最近需要维护一个差不多十多年前开发的ASP.Net程序,遇到了各种奇奇怪怪的问题,把其中比较难查明的问题记录如下: 问题一: 同样的SQL查询在不同服务器上查询结果不同.在QA环境下,结果完全正常,而 ...

随机推荐

  1. POJ 2342 &&HDU 1520 Anniversary party 树形DP 水题

    一个公司的职员是分级制度的,所有员工刚好是一个树形结构,现在公司要举办一个聚会,邀请部分职员来参加. 要求: 1.为了聚会有趣,若邀请了一个职员,则该职员的直接上级(即父节点)和直接下级(即儿子节点) ...

  2. HTML 表单验证和事件

    1.表单验证<form></form> (1).非空验证(去空格) (2).对比验证(跟一个值对比) (3).范围验证(根据一个范围进行判断) (4).固定格式验证:电话号码, ...

  3. 【转】Action 、 RenderAction 、 Partial 、 RenderPartial 区别

    1.Action . RenderAction Action 方法以字符串的形式返回子视图,可以直接被呈现.RenderAction方法在适当的地方呈现子视图. //One alternative ( ...

  4. setInterval()和setTimeout()的区别

    一.setInterval()函数的语法结构: setInterval(code,interval) setInterval()函数可周期性执行一段代码,也就是说代码会被周期性不断的执行下去. 函数具 ...

  5. Python深入02 上下文管理器

    作者:Vamei 出处:http://www.cnblogs.com/vamei 欢迎转载,也请保留这段声明.谢谢! 上下文管理器(context manager)是Python2.5开始支持的一种语 ...

  6. sql server Geometry 类型操作 笔记

    sqlGeometry 类型为sql server 2008之后的版本 新加的一种CLR扩展数据类型,为广大sql server开发人员存储几何类型及空间运算提供极大的便利,下面说明geometry类 ...

  7. [HDU 4082] Hou Yi's secret (简单计算几何)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=4082 题目大意: 给你n个点,问能最多构成多少个相似三角形. 用余弦定理,计算三个角度,然后暴力数有多 ...

  8. MySql存储过程学习总结

    创建存储过程 1.格式   MySQL存储过程创建的格式:CREATE PROCEDURE 过程名 ([过程参数[,...]]),举个例子: CREATE PROCEDURE proc1 (OUT s ...

  9. 用js控制选项卡的隐藏与显示

    通过使用ul和div来,借助于jquery来实现选项卡的显示与隐藏 <form action="" method="post"> <div&g ...

  10. OC基础(15)

    @property参数 @Property练习 @class 循环retian *:first-child { margin-top: 0 !important; } body > *:last ...