Hello, I am new to EnCase, but have used Linux forensic tools for many years. In testing EnCase, I found several differences regarding GREP. [removed by moderator] I have tried numerous patterns and find too many hits, or none at all. Any help is appreciated, as we are looking to invest in this tool.
There are a couple of EnScripts (one inbuilt) that will search for credit card numbers; they use the Luhn algorithm to reduce the false hits and, from memory, will break your results out into card type, i.e. Amex, Visa etc. You could run that search and then search over the output to find the specific instances you are after.
Alternatively, if you can post the normal Perl/extended grep you would want to search, someone can tell you the equivalent EnCase syntax (or if it's not possible), but as you have no doubt noticed, the inbuilt grep is quite limited by comparison.
EnCase has a built-in tester also. You can prepare a test text file and point your grep to it. From there you can adjust your grep to get the hit results you need.