Forensic Focus community,
Does anyone know of some reputable sites that would have PDF or Word templates for data spill clean-ups? I am looking for a layout that someone has already thought about, which provides names of parties involved, dates, and actions taken for a data spill report that would be part of an overall investigation documentation. Any help is greatly appreciated.
The second subject of my topic heading is the need for a freeware or low-cost utility that performs an entire keyword search on a local hard drive; mapped drive searching would be a bonus. If someone created several documents that had the word "Hacking" in them, I would like to know the names and locations of those local files in a search result. I know there are some basic Windows utilities that can do a lot of this, but I am interested in an output report, possibly, and a better presentation from a free forensic application.
Thanks for all the help.
Paul
Greetings,
I don't have an answer for your first question. For your second, if it is a one-off, you can use dtSearch for free for 30 days. It is also only $200, and a really good investment at that price. Be sure to read their white papers, as they discuss how to tune it for better results in certain circumstances.
And, if you want completely free, look at Lucene (http//
-David
+1 for dtSearch. The fact that its indexing engine is used by so many other products speaks volumes.
-1 for dtSearch
It doesn't search the whole of the dataset - for example it disregards HTML and PDF metadata. If it worked properly then FTK wouldn't need to add a 'live search' option.
I can't trust it so I don't use it. There are better tools available (like 'strings', which is open source and configurable).
Paul
Greetings,
Very few tools will process the whole dataset without some additional work. How do you search a PST with strings? Or an Office document which is zipped XML?
I'm not sure how you connect FTK's live search offering with a dtSearch limitation. dtSearch, FTK, EnCase, and other tools offer an indexing/live search capability. What is indexed and is available for live search depends on what is available to be indexed. You can do live search on only text documents, for example.
dtSearch is a viable tool, if you know its limitations. This is true for any tool that you might wish to use.
-David
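The point raised above about zipped XML Office documents, as an added example that is not part of the original thread: a raw byte-string keyword search finds the plain-text and UTF-16 files but misses the same word inside a .docx until the container is unpacked. The function names `search_tree` and `build_sample` and the sample files are constructed for illustration; the sketch handles only zip-based containers, not PST.

```python
import os
import zipfile

def _hit(data, needles):
    # bytes.lower() folds ASCII letters only, which is enough for ASCII keywords.
    low = data.lower()
    return any(n in low for n in needles)

def search_tree(root, keyword, unpack=True):
    """Return sorted (path, location) hits; location is 'raw' or a zip member name."""
    # Look for the keyword as UTF-8/ASCII and as UTF-16LE (common on Windows).
    needles = [keyword.encode(enc).lower() for enc in ("utf-8", "utf-16-le")]
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()  # whole-file read: fine for a demo, chunk large files
                if _hit(data, needles):
                    hits.append((path, "raw"))
                if unpack and zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as zf:
                        for member in zf.namelist():
                            if _hit(zf.read(member), needles):
                                hits.append((path, member))
            except (OSError, zipfile.BadZipFile, RuntimeError, NotImplementedError):
                continue  # unreadable, corrupt or encrypted: follow up manually
    return sorted(hits)

def build_sample(root):
    """Write three constructed sample files that each contain the keyword."""
    with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("Notes on Hacking tools\n")
    with open(os.path.join(root, "memo.txt"), "wb") as fh:
        fh.write("HACKING memo".encode("utf-16-le"))
    body = "<w:p><w:r><w:t>Hacking notes</w:t></w:r></w:p>" * 20
    xml = "<w:document><w:body>" + body + "</w:body></w:document>"
    docx = os.path.join(root, "report.docx")
    with zipfile.ZipFile(docx, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", xml)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for unpack in (False, True):
            print("unpack =", unpack)
            for path, where in search_tree(d, "hacking", unpack):
                print("  ", os.path.basename(path), where)
```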
I agree entirely, I just can't get any simplified information on what dtSearch is or IS NOT indexing. I just don't know its limitations.
I could read through the whole of the
Paul
It doesn't search the whole of the dataset - for example it disregards HTML and PDF metadata. If it worked properly then FTK wouldn't need to add a 'live search' option.
Forgive me if I've misunderstood the point, but in my experience dtSearch does capture HTML and PDF metadata if configured correctly. This seems to be supported by their website:
dtSearch Desktop has dozens of advanced indexing options to give you complete control over the content of each index. It will automatically collect Meta data from HTML, Word and PDF documents as well as from media files such as MP3, ASF and WMV to allow field searching.
Of course there's no perfect solution, but dtSearch deals well with most of the common user-generated content types and I can tell it to either treat anything else as text, or check the logs and follow up on unrecognised types if the situation requires it.