I'm about to commence an investigation where it is possible the suspect has hidden details of stolen credit cards on his PC. Has anyone attempted to conduct this kind of search before and, if so, by what means?
A little more detail: the machine has been seized and the hard drive imaged. Our first thoughts were to use X-Ways Forensics to search for certain card number sequences.
Many thanks in advance for your thoughts.
Grep?
Hi Xennith,
Yes that is an option and I believe there are some examples of scripts that could be used to identify these records.
As I recall, I think that both EnCase and FTK have filters available for credit cards.
Hi Beetle,
Many thanks for that I will investigate what's available. I presume these both work from images and search for certain characteristics?
One approach/avenue
Use GREP to search for numbers in MSR format. Particularly Line2 magnetic data. These can often be found in plain text, in unallocated or within live files.
E.G http//
Use a better source such as the official standards (ISO etc) to get a clearer picture of how the magnetic data is stored and written.
Also look for MSR programs and executables for writing to magnetic stripes.
Hi Dan0841,
Thanks for the advice, I believe that the suggested approach sounds the right one. I believe we can probably ring fence the likely card details to be found so this will make the search process a little easier. Once again thank you for taking the time to respond I'm most grateful to you.
Hi Beetle,
Many thanks for that I will investigate what's available. I presume these both work from images and search for certain characteristics?
Yes, they were structured to look for the pattern of numbers that were specific to each card issuer, say VISA issues cards in Canada that begin with 4 and have x number of digits in a certain sequence. As others have stated, this can also be done with grep, and the filters as I recall them were essentially the same thing but could be run against an image, whereas grep can't.
Hi Beetle,
Many thanks that's very helpful. I have got in contact with our supplier to try and obtain the filters. Very much obliged for all your help.
You can use FTK for it
1. Add evidence and let FTK reveal deleted / carved / slack space etc. files.
2. You can use the OCR included in FTK; all images (jpg, tiff, etc.) will be picked up, recognised and converted to text (so you will be able to search all information included in graphics).
3. All information will be indexed, and after that you can use a digit pattern representing credit card numbers in a regular expression search.
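An added example, not part of any post in this thread: a Python sketch of the pattern search discussed above, run directly over a raw (dd-style) image. It assumes the magnetic stripe data of interest follows the Track 2 layout of ISO/IEC 7813, uses a deliberately coarse issuer prefix table, and adds a Luhn check digit test (not mentioned in the thread) to cut false positives; the function names and the sample bytes are constructed for illustration.

```python
import mmap
import re

# Track 2 (ISO/IEC 7813): ;PAN=YYMM, 3-digit service code, discretionary data, ?
TRACK2_RE = re.compile(rb";([0-9]{13,19})=[0-9]{4}[0-9]{3}[0-9]{0,24}\?")
# Bare PAN: 13-19 digits, optional single space/dash separators, not inside a longer digit run.
PAN_RE = re.compile(rb"(?<![0-9])((?:[0-9][ -]?){12,18}[0-9])(?![0-9])")

def luhn_ok(pan):
    """Luhn check digit test; rejects roughly 90% of random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def issuer(pan):
    """Coarse issuer guess from leading digits (assumption: extend for the cards in scope)."""
    if pan[0] == "4":
        return "Visa"
    if pan[:2] in ("34", "37"):
        return "American Express"
    if "51" <= pan[:2] <= "55":
        return "Mastercard"
    return "other"

def scan(data):
    """Return sorted (offset, kind, pan, issuer) hits from a bytes-like object."""
    hits = {}
    # Bare PANs first, so a Track 2 hit at the same offset replaces the bare hit.
    for kind, rx in (("pan", PAN_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(data):
            pan = re.sub(rb"[ -]", b"", m.group(1)).decode("ascii")
            if luhn_ok(pan):
                hits[m.start(1)] = (m.start(1), kind, pan, issuer(pan))
    return sorted(hits.values())

def scan_image(path):
    """Scan a raw image in place through a read-only memory map (covers unallocated space)."""
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return scan(mm)

# Constructed sample: published test PANs (not real accounts) between filler bytes.
SAMPLE = (b"\x00\x11junk;4111111111111111=25121010000000000000?\xff"
          b"order 5500-0000-0000-0004 ref 1234567890123456 \x00"
          b"amex 378282246310005\n")
```

The reported offsets are byte positions in the image, so each hit can be located in a hex viewer and tied back to a file or to unallocated space. Numbers stored as UTF-16 text, inside compressed containers or in pictures are not matched by this byte-level search.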