My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .

I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.

It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.

Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.

What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.

I try to figure out what's going on here. Correct me if any:

1. FTK supports lots of code page including "Big5".

2. FTK could index and search lots kind of file types including "plain text file".

3. FTK supports so many kind of file systems including "FAT32".

Now my question is:

Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?

So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!

Something wrong with FTK's index search results的更多相关文章

  1. Something wrong with EnCase v8 index search results

    My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She ...

  2. Does FTK index search support regular expression?

    Some of my friends ask me a question: "Does FTK index search support regular expression?" ...

  3. Index downloads are disabled, search results may be incomplete.

    20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送) 国内私募机构九鼎控股打造,九鼎投资是在全国股 ...

  4. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  5. Clustering and Exploring Search Results using Timeline Constructions (paper2)

    作者:Omar Alonso 会议:CIKM 2009 摘要: 截至目前(2009),通过提取文档中内嵌的时间信息来展现和聚类,这方面的工作并不多. 在这篇文章中,我们将提出一个“小插件”增添到现有的 ...

  6. Eclipse使用Maven时出现:Index downloads are disabled, search results may be incomplete.问题解决

    https://www.cnblogs.com/EasonJim/p/6674099.html 1.全局设置 [Windows]->[Preferences]->[Maven]->勾 ...

  7. 【MAVEN】搜索错误“Index downloads are disabled,search results may be incomplete”

    出现上面这个错误,需要将Maven的索引下载到本地. 应用后,在Window -> Show View -> Other -> Maven -> Maven Repositor ...

  8. solrCloud index search (图)

    结合网上的资料,抄袭了几张图,记录下. 1.solrcloud-collection/shard/replica 1.Replica.Leader是core的角色,在index.search的过程中作 ...

  9. Oracle诡异结果调查备忘 - A investigation memo of weird Oracle database search results

    最近需要维护一个差不多十多年前开发的ASP.Net程序,遇到了各种奇奇怪怪的问题,把其中比较难查明的问题记录如下: 问题一: 同样的SQL查询在不同服务器上查询结果不同.在QA环境下,结果完全正常,而 ...

随机推荐

  1. C#使用原生的Directx和OpenGL绘图

    原文 混合语言编程-C#使用原生的Directx和OpenGL绘图的方法 由于项目需要做一些图形展示,所以就想到了使用Directx和OpenGL来绘图,但项目准备使用C#来开发(大家比较熟悉C#), ...

  2. Python中HTTPS连接

    permike 原文 Python中HTTPS连接 今天写代码时碰到一个问题,花了几个小时的时间google, 首先需要安装openssl,更新到最新版本后,在浏览器里看是否可访问,如果是可以的,所以 ...

  3. [MySQL] 同步一张表、复制过滤设置

    一.缘由 据测试要求,需要把线上一张股票信息的表实时同步到测试环境,那么干吧,这次不复制库,单独复制表. 二.解决办法 可以按照同步(复制)库的方法来,在salve端设置 my.cnf,replica ...

  4. linuc c 代码示例

    fork的应用: #include "stdio.h" #include "string.h" #include <sys/types.h> #in ...

  5. bug_ _java.lang.RuntimeException: Unable to start activity ComponentInfo{包名/类名}

      写这篇博文,我顶着很大的压力,贴出来会引来网友的一片鄙视,不贴我又觉得对不起Android SDK研发团队. 本着对全世界Android无产者负责的态度,今天不得不指出Android编译时隐藏的很 ...

  6. MYSQL批量插入数据库实现语句性能分析

    假定我们的表结构如下 代码如下   CREATE TABLE example ( example_id INT NOT NULL, name VARCHAR( 50 ) NOT NULL, value ...

  7. mysql常用脚本

    1.执行拼接字符串sql语句(可传参数) set @dbname='trickraft_14f.'; set @sql=CONCAT('SELECT * FROM ',@dbname,'Armforc ...

  8. DEDE5.7如何制作网站地图?

    DEDE用的人很多,可能大家在使用的过程中会碰到一些问 题,这很正常的,今天我们来讲讲DEDE5.7如何制作网站地图,其实网站地图分两种,一种做给网友看的,方便网友可以方便地找到自己想浏览的内容,另外 ...

  9. JAVA 中关于String的特性

    一.初始化String的两种方式 String str1 = "hello"; String str2 = new String("hello"); 第一种方式 ...

  10. xargs -r

    -r  no-run-if-empty xargs大多数 Linux 命令都会产生输出:文件列表.字符串列表等.但如果要使用其他某个命令并将前一个命令的输出作为参数该怎么办?例如,file 命令显示文 ...