A friend of mine said to me that she could fool those forensic tools easily by changing writing direction in text. I said to her: "Really? Are you sure...don't jump to conclusions too soon...". She showed me two screenshots as below:

1.She used Intella to do full index search:

2. She searched "烈日" and "臺北賓館", and those characters definitely exist in above file, guess what? no any hits found...

Ok Intella failed to find those Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search "bomb". Unfortunately EnCase only got 1 hit...Acutally there is more than 1 "bomb" in it.

Next we search "烈日", and EnCase find 1 hit. So EnCase is clever enough to find out those Chinese characters in vertical direction.

How about FTK? Let's search "c4", and FTK could find it out without fail.

Then we search "烈日". FTK sucessfully hits "烈日" exactly as EnCase does.

Suspect may use such tricks to try to fool forensic tools. Fortunately EnCase and FTK could search and hit those Chinese characters in vertical direction. Now she realizes why those forensic tools cost lots of money.

EnCase v.s. FTK - find out Chinese characters writing in different direction的更多相关文章

  1. Configure Amazon RDS mysql to store Chinese Characters

    Configure Amazon RDS mysql to store Chinese Characters https://dev.mysql.com/doc/refman/5.7/en/chars ...

  2. Belkasoft Evidence Center could handle Chinese characters well

    I've been using Belkasoft Evidence Center for a very long time. It could handle Chinese characters w ...

  3. How to Set Up Chinese Characters on Windows 7

    How to Change the Display Language of non-Unicode Programs in Windows http://www.7tutorials.com/chan ...

  4. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  5. Chinese culture

      文房四宝 笔墨纸砚是中国古代文人书房中必备的宝贝,被称为“文房四宝”.用笔墨书写绘画在 中国可追溯到五千年前.秦(前221---前206)时已用不同硬度的毛和竹管制笔:汉代(前206—公元220) ...

  6. IEF could not decode Chinese character in IE history well

    My friend is working on some case, and she looks not in the mood. I ask her what's going on. She wan ...

  7. (Android) Chinese Character

    Convert Chinese strings to English strings Apply pinyin4j.jar public static class ConvertChineseToPi ...

  8. Solution for automatic update of Chinese word segmentation full-text index in NEO4J

    Solution for automatic update of Chinese word segmentation full-text index in NEO4J 1. Sample data 2 ...

  9. {ICIP2014}{收录论文列表}

    This article come from HEREARS-L1: Learning Tuesday 10:30–12:30; Oral Session; Room: Leonard de Vinc ...

随机推荐

  1. UNIX网络编程

    UNIX网络编程--socket的keep http://www.68idc.cn/help/opersys/unixbsd/20150731471448.html

  2. Apache2 Axis2/C 搭建 hello world

    参考 http://www.cnblogs.com/fjchenqian/archive/2012/08/05/2623601.html http://www.cnblogs.com/ezhong/a ...

  3. ADO.NET Entity Framework(EF)

    ylbtech-Miscellaneos: ADO.NET Entity Framework(EF) A,返回顶部 1, ADO.NET Entity Framework 是微软以 ADO.NET 为 ...

  4. linux常用命令 2

    netstat 显示网络统计信息的命令 此命令用来显示整个 netstat -anp p显示名称的名字 kill -9 进程号 traceroute 显示数据包历程 查询 系统有哪些shellcat ...

  5. Pdf 字段加粗相关资料

    http://blog.csdn.net/lx_lhy/article/details/5603073 http://www.codeweblog.com/stag/setfieldproperty- ...

  6. Mac下搭建cocos2d 和cocos2d -x 环境

    来源:http://blog.csdn.net/duxinfeng2010/article/details/7985024 cocos2d是一个开源框架,用于构建2D游戏.演示程序和其他图形界面交互应 ...

  7. ruby关于flip-flop理解上一个注意点

    (..).each do |x| puts x ) .. (x == ) end 上面的flip-flop的用法,你可以理解成 将 大于等于5和小于等于10的数字打印出来,也就是理解成  puts x ...

  8. Jmeter+jenkins接口性能测试平台实践整理(一)

    最近两周在研究jmeter+Jenkin的性能测试平台测试dubbo接口,分别尝试使用maven,ant和Shell进行构建,jmeter相关设置略. 一.Jmeter+jenkins+Shell+t ...

  9. C++学习40 抛出自己的异常

    throw 是C++中的关键字,用来抛出异常.如果不使用 throw 关键字,try 就什么也捕获不到:上节提到的 at() 函数在内部也使用了 throw 关键字来抛出异常. throw 既可以用在 ...

  10. menu({postion:{my:"left top"},at:"right bottom"})里的my与at会冲突吗

    my(默认值:"center")类型:String描述:定义被定位元素上对准目标元素的位置:"horizontal vertical" 对齐方式.一个单一的值, ...