My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .

I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.

It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.

Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.

What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.

I try to figure out what's going on here. Correct me if any:

1. FTK supports lots of code page including "Big5".

2. FTK could index and search lots kind of file types including "plain text file".

3. FTK supports so many kind of file systems including "FAT32".

Now my question is:

Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?

So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!

Something wrong with FTK's index search results的更多相关文章

  1. Something wrong with EnCase v8 index search results

    My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She ...

  2. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  3. Index downloads are disabled, search results may be incomplete.

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  4. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  5. Clustering and Exploring Search Results using Timeline Constructions (paper2)

    作者:Omar Alonso 会议:CIKM 2009 摘要: 截至目前(2009),通过提取文档中内嵌的时间信息来展现和聚类,这方面的工作并不多. 在这篇文章中,我们将提出一个“小插件”增添到现有的 ...

  6. Eclipse使用Maven时出现:Index downloads are disabled, search results may be incomplete.问题解决

    https://www.cnblogs.com/EasonJim/p/6674099.html 1.全局设置 [Windows]->[Preferences]->[Maven]->勾 ...

  7. 【MAVEN】搜索错误“Index downloads are disabled,search results may be incomplete”

    出现上面这个错误,需要将Maven的索引下载到本地. 应用后,在Window -> Show View -> Other -> Maven -> Maven Repositor ...

  8. solrCloud index search (图)

    结合网上的资料,抄袭了几张图,记录下. 1.solrcloud-collection/shard/replica 1.Replica.Leader是core的角色,在index.search的过程中作 ...

  9. Oracle诡异结果调查备忘 - A investigation memo of weird Oracle database search results

    最近需要维护一个差不多十多年前开发的ASP.Net程序,遇到了各种奇奇怪怪的问题,把其中比较难查明的问题记录如下: 问题一: 同样的SQL查询在不同服务器上查询结果不同.在QA环境下,结果完全正常,而 ...

随机推荐

  1. linux shell 中的位置变量

    对于linux shell 中的位置变量,我一直以来都是吐不出来又咽不下去,每次看到都不懂,不懂了就去百度google,看完了又忘,真是慢性咽炎啊.现在认真想想也是,其实自己一直以来都没有好好学习过, ...

  2. (转)ZooKeeper伪分布式集群安装及使用

    转自:http://blog.fens.me/hadoop-zookeeper-intro/ 前言 ZooKeeper是Hadoop家族的一款高性能的分布式协作的产品.在单机中,系统协作大都是进程级的 ...

  3. MODBUS-RTU学习

    一 RTU比ASCII传输密度高.参数格式:起始位+8BITS数据位+校验位+停止位. 1.1校验默认为偶校验,建议为无校验,测试要多1个停止位(即停止位为2位) 1.2发送顺序为从左到右LSB-&g ...

  4. ARM7+PROTEUS调试(转)

    网上说ARM7调试产生的.axf文件不能直接放在PROTEUS中调试,方法:将.axf文件复制一份修改后缀名为.elf文件加载即可:hex文件删除倒数(用编辑器)第二行后保存即可加载

  5. Xcode5.0使用iOS6.1SDK及模拟器

    最近项目中,介于测试人员提出的问题,有些情况只在ios6的设备上才能显现,而本机的xcode已升级到最新的5.0,这可如何是好呢,在网上搜索了一番,找到如下方法解决此问题: 1.打开xcode5.0的 ...

  6. delphi TServerSocket阻塞线程单元 实例

    TServerSocket阻塞线程单元,希望对你有所帮助.需要注意的是:1.如果你使用TServerSocket的stNonBlocking模式,重写TServerClientThread线程时要重载 ...

  7. [SQL]LTRIM 、 RTRIM、SUBSTRING 如何使用

    (一) LTRIM ( character_expression )删除字符变量中的起始空格 RTRIM ( character_expression ) 删除字符变量中的尾随空格 (二) SUBST ...

  8. 第二章 D - Number Sequence(1.5.10)

    转载请注明出处:優YoU http://user.qzone.qq.com/289065406/blog/1301527312 大致题意: 有一串数字串,其规律为 1 12 123 1234 1234 ...

  9. IntelliJ IDEA显示行号方法

    File->Settings->Editor->General->Appearence->Show line numbers

  10. (转)c# math 计算两点之间的角度公式

    计算两点之间的角度公式是: 假设点一(X1,Y1),点二(X2,Y2) double angleOfLine = Math.Atan2((Y2 - Y1), (X2 - X2)) * 180 / Ma ...