Hello everyone, i'm dealing with the keyword search feature on FTK and i have to use a regular expression to search for phone digits. (strings with +0123456789#*)
with autopsy TSK i would use grep regular expressions and run something like this \+?[0-9#\*]{4,}
the question is
does FTK support the grep style regular expressions? or it has its own sintax?
i would have asked this on the accessdata forum, but i'm a bit in a hurry and they didn't confirm my subscription so…
FTK uses an implemenation of RegEx. Here is AD's guide
http//
From memory there is a Phone Number RegEx search included as part of the examples in FTK - so you could alter/build from that to be in the correct format
thnx a lot for your help, i've solved my issue, the regexp used by FTK are the same as the grep ones.
btw, does anyone know wich version of oracle is distributed with the FTK2 DVD?
i finally have a box i can install oracle on to separate the frontend from the backend and work with 2 machines, but for the second one i have to use linux so i was wondering if the same version and so i need oracle for linux.
i tried to install the express edition but when it comes to setup FTK2 it returns me an error that says it can't run a script for database creation.
i tried to install the express edition but when it comes to setup FTK2 it returns me an error that says it can't run a script for database creation.
The script is a Windows installer. If you know enough about Oracle you may be able to make it work.
You might try posting on the AD forum and see if support can help you manually create the Oracle database. I remember reading that you can use an existing Oracle installation if you have one available.
i would ask on the AD forum but still i didn't receive account activation…. (
thnx for your help.
i managed to install oracle and make FTK connect to it, but when it comes to process evidence files they are added as "pending" and the process never starts.
also when trying to remove the case from the DB results as an error..
dunno why tho.