EnCase vs. FTK - finding Chinese characters written in a different direction

A friend of mine told me that she could easily fool forensic tools by changing the writing direction of text. I said to her: "Really? Are you sure... don't jump to conclusions too soon...". She showed me the two screenshots below:

1. She used Intella to do a full index search:

2. She searched for "烈日" and "臺北賓館". Those characters definitely exist in the above file, but guess what? No hits were found...

OK, Intella failed to find Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search for "bomb". Unfortunately EnCase only got 1 hit... Actually there is more than 1 "bomb" in it.

Next we search for "烈日", and EnCase finds 1 hit. So EnCase is clever enough to find Chinese characters written in the vertical direction.

How about FTK? Let's search for "c4", and FTK finds it without fail.

Then we search for "烈日". FTK successfully hits "烈日", exactly as EnCase does.

A suspect may use such tricks to try to fool forensic tools. Fortunately EnCase and FTK can search for and hit Chinese characters written in the vertical direction. Now she realizes why those forensic tools cost lots of money.
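The post does not say how the test file was built. Assuming it is a plain-text grid with one character per cell, the following added example (not from the original post, and not a description of how Intella, EnCase or FTK work internally) searches for a keyword along rows and down columns. The names `grid_search` and `SAMPLE` and the sample grid are constructed for illustration.

```python
import unicodedata

def _fold(ch):
    """Fold one grid cell (full-width/case variants) without changing its width."""
    folded = unicodedata.normalize("NFKC", ch).casefold()
    return folded if len(folded) == 1 else ch

def _find_all(haystack, needle):
    """Yield every (possibly overlapping) offset of needle in haystack."""
    pos = haystack.find(needle)
    while pos != -1:
        yield pos
        pos = haystack.find(needle, pos + 1)

def grid_search(text, keyword):
    """Return hits as (direction, index, offset), row hits first.

    "row" hits read left-to-right, "column" hits top-to-bottom; index is the
    0-based row or column number and offset the position inside it.
    """
    needle = "".join(_fold(c) for c in keyword)
    if not needle:
        return []
    rows = ["".join(_fold(c) for c in line) for line in text.splitlines()]
    width = max((len(r) for r in rows), default=0)
    # Pad ragged lines so every column has one cell per row, then transpose.
    padded = [r.ljust(width) for r in rows]
    columns = ["".join(col) for col in zip(*padded)]
    hits = []
    for direction, lines in (("row", rows), ("column", columns)):
        for index, line in enumerate(lines):
            hits.extend((direction, index, off) for off in _find_all(line, needle))
    return hits

# Constructed sample (not the file from the post): keywords run both ways.
SAMPLE = "\n".join([
    "今烈臺b",
    "天日北o",
    "很當賓m",
    "熱空館b",
    "bomb",
])

if __name__ == "__main__":
    for kw in ("烈日", "臺北賓館", "bomb", "c4"):
        print(kw, grid_search(SAMPLE, kw))
```

On this sample a row-only search reports "bomb" once and misses both Chinese keywords, while the column pass recovers them.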

Time: 2024-10-19 14:44:10
