Hi All 🙂 First post here but I've been surfing here for a few months.
I was hoping to get some input on some general keyword lists with the theme of drugs, violence, inappropriate relations/materials, etc for import into EnCase and other more manual analysis tools. After using the case specific keywords I often want to come up with more possible intel of objectionable behavior, etc. Are there any keywords lists online specifically for investigations like this, any general keywords lists from the feds or anything? I would be a bit surprised if everyone always had to generate their own.
Any feedback would be greatly appreciated 🙂
Thanks all,
Ty Bodell
Ty,
A warm welcome to the forums, glad to see you've decided to post after keepin any eye on us for a while!
Kind regards,
Jamie
Hi Ty,
Have you tried contacting nist.gov about those lists? After all, they have the KFF-database as well. Maybe they have standardized word lists, though I coulnd't find them at their site. I haven't looked too thorough, though.
Maybe
Good luck,
Pepijn
You might find people are a bit protective of their keyword lists. I have a really good library of them, that I have collected and created over time…….
If I can get over my selfishness I will post it to the downloads section as a text file. You can import it into EnCase in one go.
Andy
I emailed a few NIST addresses that I thought would be able to answer my question and found a few word lists on various groups and in Digital Investigator for CP, Gangs, and Narcotics. I'm working on a rootkit/infected/malware/hacking wordlist that is coming along nicely 8)
Big thanks for all the input,
Ty
Great 🙂 I'd be happy if you would share them with the forum. In almost every case I've done, I could manage with the case-specific keyword list, so I don't have a general one… but it would be a nice addition to have.
Aren't you afraid of too many false positives when using a general word list?
Regards,
Pepijn
I'll try and clean em up a bit and post em when I get a shot (note that the content is of course offensive so they may be provided in .zip or something, I'll talk to the admin).
About the false positives, when i posed the inquiry about 'general' keyword lists someone actually recommended that I use the "Jam Echelon Day" keyword lists… somewhat funny and then not at all 😛 But truthfully, the majority of examinations we get are from businesses or organizations that just suspect or have reported employee / staff / student /biz partner "misconduct". Most of the time we have some idea which direction to go like if drugs were involved, or if inappropriate material was involved, or hacking, etc. So there is where the general keyword lists for those topics comes in handy.
As you mentioned most of the time the case specific keywords are enough to turn up enough results but sometimes "enough" isn't what you're looking for if the evidence is going to support a court case so I want to be as thorough with the analysis as possible. Though it takes longer to weed out the 'good stuff' when using broader topic keyword lists it has definitely paid off for my some of my results.
Cheers 8) ,
Ty
Any one have the above list or similar keyword lists you mind sharing?
Thanks!