how to use regular expression on autopsy

General (Technical, Procedural, Software, Hardware etc.)

Last Post by athulin 11 months ago

2 Posts

2 Users

0 Likes

879 Views

RSS

binarry

(@binarry)

Posts: 1

New Member

Topic starter

hello

i want to use a regular expression on autopsy to find all entries of (private bank or privates-banks, or *private*bank*) i have used this syntax

(index.dat | *private*bank*) so is it the correct syntax

thank you

Posted : 10/05/2023 7:41 am

Topic Tags

regex autopsy

athulin

(@athulin)

Posts: 1156

Noble Member

My reply seems to have been blocked by Wordfence. That's kind of good, as a lack of an answer just may make you avoid using grep. It unpracticed hands it is like a scalpel of an eye-surgeon: you won't notice that you just cut yourself.

The Autopsy user guide has good advice: "There is some validation on the regex but it's best to test on a sample image to make sure your regexes are correct and working as expected. One simple way to test is by creating a sample text file that your expression should match, ingesting it as a Logical File Set and then running the regex query."

Posted : 10/05/2023 8:21 pm

8 Forums
15.5 K Topics
92 K Posts
1 Online
40 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed