I used to conduct raw search in EnCase v6, and I'd like to see if EnCase v7 raw search could hit keywords inside compound files or not. You won't believe it~search results is 0 but those keywords do exist inside compound files...Let my show you my test as below:

Scenario:

Two compound files, one is a docx and the other is a xlsx. Two keywords, one is "password",and the other is "密碼".

1. Evidence Processing( expand compound files option is checked) completed.

2. word.docx

3. excel.xlsx

4. Conduct raw search

5.Search result = 0

As you could see that those keywords do exist in those two compound files, but no any hits...

EnCase v7 search hits in compound files?的更多相关文章

  1. How to search compound files

    Last week my friend told me that she made a terrible mistake. She conducted raw serch and found no s ...

  2. [DFNews] EnCase v7.08发布

    EnCase v7.08 近日正式发布,7.08增加了Evidence Processor Manager以及Evidence Processor,不仅可以在本地实现证据处理队列,也支持了通过网络进行 ...

  3. Something wrong with EnCase index search in Unallocated area

    hi, My EnCase version is v7 and I found a terrible issue about index search in Unallocated area. Wit ...

  4. [Linux] Search the contents of files using grep

    Learn the basic syntax for using grep to search the contents of a single file or files. It's like CM ...

  5. EnCase v7 could not recognize Chinese character folder names / file names on Linux Platform

    Last week my friend brought me an evidence file duplicated from a Linux server, which distribution i ...

  6. [IR课程笔记]Hyperlink-Induced Topic Search(HITS)

    两个假设 1. 好的hub pages: 好的对某个主题的hub pages 链接许多好的这个主题的authoritative pages. 2. 好的authoritative pages: 好的对 ...

  7. EnCase v.s. FTK - find out Chinese characters writing in different direction

    A friend of mine said to me that she could fool those forensic tools easily by changing writing dire ...

  8. Lucene add、updateDocument添加、更新与search查询(转)

    package com.lucene;   import java.io.IOException;   import org.apache.lucene.analysis.standard.Stand ...

  9. 关于Eclipse Debug断点调试出现 Search not found 页面的解决办法

    1. 在代码中鼠标右键 Debug AS ---> Debug Configurations... ----> 找到Source选项  ---> 点击add ---> 选择 j ...

随机推荐

  1. i++与++i 辨析

    i++:先赋值在自加: ++i:先自加在赋值: 备注:在赋值运算中有区别,单独使用没有区别 ( 例子1:单独使用 for(int i=0;i<10;i++){ } for(int i=0;i&l ...

  2. ylbtech-Unitity-CS-Arrays:数组

    ylbtech-Unitity-CS-Arrays:数组 1.A,效果图返回顶部   1.B,源代码返回顶部 1.B.1, using System; class DeclareArraysSampl ...

  3. JAVA 综合布局应用

    //布局综合应用 import java.awt.*; import javax.swing.*; public class Jiemian4 extends JFrame{ JPanel mb1,m ...

  4. Struts2返回JSON对象的方法总结

    如果是作为客户端的HTTP+JSON接口工程,没有JSP等view视图的情况下,使用Jersery框架开发绝对是第一选择.而在基于Spring3 MVC的架构下,对HTTP+JSON的返回类型也有很好 ...

  5. Jmeter Html 报告优化

    转载自南风_real博客园:http://www.cnblogs.com/jaychang/p/5881525.html 但是最近在查阅相关资料时,发现基本都是重复一篇文章Jmeter使用笔记之htm ...

  6. ftime() 系统时间

    ftime() 函数,这个函数是取系统的时间,精确到毫秒级别,它在windows 和linux 下都可用.所以我暂时是比较喜欢它的. 这个函数返回一个结构体,结构体中两个成员,其中time 成员,与函 ...

  7. [ActionScript 3.0] AS3 用于拖动对象时一次一页的缓动

    package com.fylibs.components.effects{ import com.tweener.transitions.Tweener; import flash.display. ...

  8. DimDate

    CREATE TABLE [dbo].[DimDate]( [DateKey] int NOT NULL , [FullDate] DATE NOT NULL , [MonthNumberOfYear ...

  9. C#中修改Dll文件 (反编译后重新编译)

    Dll文件生成后,如没有源代码,又要修改其中内容 可以用微软自带的ildasm和ilasm程序 先用ildasm将dll文件反编译成il文件 ildasm Test.dll /out=Test.il  ...

  10. [ZOJ 1009] Enigma (模拟)

    题目链接:http://acm.zju.edu.cn/onlinejudge/showProblem.do?problemCode=1009 题目大意:给你三个转换轮,只有当第一个转换轮转动一圈后第二 ...