My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .

I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.

It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.

Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.

What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.

I try to figure out what's going on here. Correct me if any:

1. FTK supports lots of code page including "Big5".

2. FTK could index and search lots kind of file types including "plain text file".

3. FTK supports so many kind of file systems including "FAT32".

Now my question is:

Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?

So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!

Something wrong with FTK's index search results的更多相关文章

  1. Something wrong with EnCase v8 index search results

    My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She ...

  2. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  3. Index downloads are disabled, search results may be incomplete.

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  4. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  5. Clustering and Exploring Search Results using Timeline Constructions (paper2)

    作者:Omar Alonso 会议:CIKM 2009 摘要: 截至目前(2009),通过提取文档中内嵌的时间信息来展现和聚类,这方面的工作并不多. 在这篇文章中,我们将提出一个“小插件”增添到现有的 ...

  6. Eclipse使用Maven时出现:Index downloads are disabled, search results may be incomplete.问题解决

    https://www.cnblogs.com/EasonJim/p/6674099.html 1.全局设置 [Windows]->[Preferences]->[Maven]->勾 ...

  7. 【MAVEN】搜索错误“Index downloads are disabled,search results may be incomplete”

    出现上面这个错误,需要将Maven的索引下载到本地. 应用后,在Window -> Show View -> Other -> Maven -> Maven Repositor ...

  8. solrCloud index search (图)

    结合网上的资料,抄袭了几张图,记录下. 1.solrcloud-collection/shard/replica 1.Replica.Leader是core的角色,在index.search的过程中作 ...

  9. Oracle诡异结果调查备忘 - A investigation memo of weird Oracle database search results

    最近需要维护一个差不多十多年前开发的ASP.Net程序,遇到了各种奇奇怪怪的问题,把其中比较难查明的问题记录如下: 问题一: 同样的SQL查询在不同服务器上查询结果不同.在QA环境下,结果完全正常,而 ...

随机推荐

  1. MVC ViewData和ViewBag[转]

    转自:http://blog.csdn.net/a497785609/article/details/7854402#t0       视图数据可以通过ViewBag属性访问,它主要是为了从Contr ...

  2. ARM7+PROTEUS调试(转)

    网上说ARM7调试产生的.axf文件不能直接放在PROTEUS中调试,方法:将.axf文件复制一份修改后缀名为.elf文件加载即可:hex文件删除倒数(用编辑器)第二行后保存即可加载

  3. StringIO 模块用于在内存缓冲区中读写数据

    模块是用类编写的,只有一个StringIO类,所以它的可用方法都在类中.此类中的大部分函数都与对文件的操作方法类似. 例: #coding=gbk import StringIO s=StringIO ...

  4. Pdf 字段加粗相关资料

    http://blog.csdn.net/lx_lhy/article/details/5603073 http://www.codeweblog.com/stag/setfieldproperty- ...

  5. ROWID-Oracle中删除重复行数据

    DELETE FROM DEPT_BAK WHERE ROWID NOT IN (SELECT MIN(ROWID) RID FROM DEPT_BAK GROUP BY DEPTNO,DNAME,L ...

  6. ubuntu 14.04 安装git server

    版本信息 ubuntu : 14.04.1 git version 1.9.1 perl v5.10.1 ssh OpenSSH_6.6.1p1 本次安装的git server使用gitolite实现 ...

  7. 页面设计--Label

    页面设计功能是实现可视化的拖拉方式来设计业务单据页面,同时支持主从表单功能. 包含经常用到的控件:Label.TestBox.Button.ComboBox下拉框.CheckBox复选框.RadioB ...

  8. 打印从1到最大的n位数

    //和剑指offer程序基本一致,不过print和进位两部分合并在一个程序中 //如果把其分拆,进行适当的整理,代码会更加整洁 void PrintToMaxOfDigitsN(int n) { ) ...

  9. dedecms不安全啊

    两个站都早被黑了,没心弄了.该注意的都注意了,除了没定期升级.不靠谱啊.开源软件的安全性是个大问题.

  10. 用了skin皮肤控件之后,报错:容量超出了最大容量 参数名:capacity

    http://blog.csdn.net/keenweiwei/article/details/7403869 用了皮肤控件之后,报错:容量超出了最大容量 参数名:capacity MessageBo ...