A friend of mine told me that she could easily fool forensic tools by changing the writing direction of text. I said to her: "Really? Are you sure... don't jump to conclusions too soon...". She showed me the two screenshots below:

1. She used Intella to do a full index search:

2. She searched for "烈日" and "臺北賓館". Those characters definitely exist in the file above, but guess what? No hits were found...

OK, Intella failed to find Chinese characters that actually exist. Let's try EnCase and FTK. First we use EnCase to search for "bomb". Unfortunately EnCase only got 1 hit... Actually there is more than 1 "bomb" in the file.

Next we search for "烈日", and EnCase finds 1 hit. So EnCase is clever enough to find Chinese characters written in the vertical direction.

How about FTK? Let's search for "c4"; FTK finds it without fail.

Then we search for "烈日". FTK successfully hits "烈日", exactly as EnCase does.

A suspect may use such tricks to try to fool forensic tools. Fortunately, EnCase and FTK can search for and hit Chinese characters written in the vertical direction. Now she realizes why those forensic tools cost lots of money.
