My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .

I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.

It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.

Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.

What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.

I try to figure out what's going on here. Correct me if any:

1. FTK supports lots of code page including "Big5".

2. FTK could index and search lots kind of file types including "plain text file".

3. FTK supports so many kind of file systems including "FAT32".

Now my question is:

Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?

So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!

Something wrong with FTK's index search results的更多相关文章

  1. Something wrong with EnCase v8 index search results

    My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She ...

  2. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  3. Index downloads are disabled, search results may be incomplete.

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  4. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  5. Clustering and Exploring Search Results using Timeline Constructions (paper2)

    作者:Omar Alonso 会议:CIKM 2009 摘要: 截至目前(2009),通过提取文档中内嵌的时间信息来展现和聚类,这方面的工作并不多. 在这篇文章中,我们将提出一个“小插件”增添到现有的 ...

  6. Eclipse使用Maven时出现:Index downloads are disabled, search results may be incomplete.问题解决

    https://www.cnblogs.com/EasonJim/p/6674099.html 1.全局设置 [Windows]->[Preferences]->[Maven]->勾 ...

  7. 【MAVEN】搜索错误“Index downloads are disabled,search results may be incomplete”

    出现上面这个错误,需要将Maven的索引下载到本地. 应用后,在Window -> Show View -> Other -> Maven -> Maven Repositor ...

  8. solrCloud index search (图)

    结合网上的资料,抄袭了几张图,记录下. 1.solrcloud-collection/shard/replica 1.Replica.Leader是core的角色,在index.search的过程中作 ...

  9. Oracle诡异结果调查备忘 - A investigation memo of weird Oracle database search results

    最近需要维护一个差不多十多年前开发的ASP.Net程序,遇到了各种奇奇怪怪的问题,把其中比较难查明的问题记录如下: 问题一: 同样的SQL查询在不同服务器上查询结果不同.在QA环境下,结果完全正常,而 ...

随机推荐

  1. NeHe OpenGL教程 第二十八课:贝塞尔曲面

    转自[翻译]NeHe OpenGL 教程 前言 声明,此 NeHe OpenGL教程系列文章由51博客yarin翻译(2010-08-19),本博客为转载并稍加整理与修改.对NeHe的OpenGL管线 ...

  2. python(19)编码问题

    转载链接:http://blog.csdn.net/lxdcyh/article/details/4018054 python的编码问题,一直都让人很头疼,今天就整理下python的编码知识. 首先: ...

  3. JavaScript笔记之数组 keyword(存储和释放&堆栈 & 按值 引用)

    1.数组创建及初始化 var obj=new Array(); var arr=[]; 可以延伸为长度一定的,字面量定义数组 2.堆栈 按值传递 引用类型 数组是引用类型,不是值传递, 栈:系桶自动分 ...

  4. JAVA集合小结

    下面是我自己画的,关系画得没上面好,但我自己看着清楚些 还有一张下载来的:   有序否 允许元素重复否 Collection 否 是 List 是 是 Set AbstractSet 否 否 Hash ...

  5. 使用matplot绘图 @python

    1. 使用csv 模块读取数据 2. 定义label 3. 绘图,调参 #!/usr/bin/env python # coding=utf-8 import sys import matplotli ...

  6. oracle10g如何配置客户端

    http://jingyan.baidu.com/article/4d58d541c108939dd4e9c0f5.html 不行的话: 对tnsnames.ora进行编辑:ORCL = (DESCR ...

  7. dede如何按自己写的ID进行排序

    点评:dede排序问题:如何按自己写的ID排序,更改一下函数.即可轻松实现,下面有个具体的示例,大家可以参考下. 更改一下函数,实现排序方式根据自己写的ID排序就好了. 方法: 1.打开include ...

  8. freemarker空值的多种处理方法

    默认情况下,freemarker的变量必须有值,如果没有被赋值的变量在页面上使用就会抛出异常,出错的信息都会显示在页面上. 解决办法: 方法一.我们可以在页面上使用freemarker变量时 以 ${ ...

  9. div 滚动定位代码

    var thisheith;        $(function () {            var divid = '#14681-121320-197209';            $(di ...

  10. Sqlserver中存储过程,触发器,自定义函数(二)

    Sqlserver中存储过程,触发器,自定义函数: 自定义函数:1.函数类型:2.函数的参数和返回值: 1.函数类型:标量值函数,返回的是一个标量值表值函数:内联表值函数:多语句表值函数. 标量值函数 ...