EnCase Assist
Posted: Sat May 12, 2012 2:07 am
Hello, I am new to EnCase, but have used Linux forensic tools for many years. In testing EnCase, I found several differences regarding GREP. [removed by moderator] I have tried numerous patterns and find too many hits, or none at all. Any help is appreciated, as we are looking to invest in this tool.
-

jrobojock - Newbie
Re: EnCase Assist
Posted: Sat May 12, 2012 10:45 am
There are a couple of EnScripts (one inbuilt) that will search for credit card numbers; they use the Luhn algorithm to reduce the false hits and, from memory, will break your results out into card type, i.e. Amex, Visa etc. You could run that search and then search over the output to find the specific instances you are after.
Alternatively,
If you can post the normal perl/extended grep you would want to search, someone can tell you the equivalent EnCase syntax (or if it's not possible), but as you have no doubt noticed the inbuilt grep is quite limited by comparison.
-

96hz - Senior Member
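
The approach described in the post above (pattern match, then Luhn check, then grouping by card type), sketched in Python as an added example; it is not the EnScript mentioned in the thread and not code from any poster. The candidate pattern, the simplified issuer prefixes and the sample text (constructed from publicly documented test card numbers) are assumptions of this example.

```python
import re

# Candidate pattern (assumption): 13-19 digits, optionally separated by
# single spaces or hyphens, not embedded in a longer digit/hyphen run.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")

# Simplified issuer prefixes (assumption; real issuer ranges are broader).
CARD_TYPES = [
    ("Amex", re.compile(r"^3[47]\d{13}$")),
    ("Visa", re.compile(r"^4(?:\d{12}|\d{15})$")),
    ("MasterCard", re.compile(r"^5[1-5]\d{14}$")),
]

def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def card_type(digits: str) -> str:
    for name, pattern in CARD_TYPES:
        if pattern.match(digits):
            return name
    return "Unknown"

def find_cards(text: str):
    """Return (offset, card type, digits) for candidates that pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append((m.start(), card_type(digits), digits))
    return hits

# Constructed sample text: three test numbers and two false positives.
SAMPLE = (
    "order 4111 1111 1111 1111 shipped\n"      # Visa test number
    "ref 4111111111111112 invalid checksum\n"  # pattern hit, fails Luhn
    "amex 3782-822463-10005\n"                 # Amex test number
    "tracking 1234567890123456\n"              # pattern hit, fails Luhn
    "mc 5555555555554444\n"                    # MasterCard test number
)
```

On the sample, the pattern alone produces five hits; the Luhn step discards the two that are not plausible card numbers, which is the false-hit reduction the post refers to.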
Re: EnCase Assist
Posted: Sat May 12, 2012 12:06 pm
EnCase has a built-in tester also. You can prepare a test text file and point your grep to it. From there you can adjust your grep to get the hit results you need.
_________________
Some things you just can't "unsee".
-

miket065 - Senior Member
















