Does anyone have a suggestion for a tool that will allow me to search for a text string in a bit-stream copy of a lap top (dd)?
I had a Power point presentation with a photo - they want the original photo's metadata. So I opened the ppt with notepad and found what I am pretty sure is the correct file path and image name, despite the encryption- but the file path does not exits on the bit-stream copy of the lap top - so it has either been deleted (which is what I am hoping) or the ppt was created on a different machine. Does this reasoning make sense? I would like to search the bit-stream copy for the text of the file path. Any suggestions or input MUCH appreciated! Thanks!!!
> Does anyone have a suggestion for a tool that will allow me to search for a text string
Okay, so I'm totally confused. Which do you want? A hex or an ASCII search tool? I've used UltraEdit to search dd-based image files for hex content before, and use strings or BinText to search for ASCII and Unicode.
<<Okay, so I'm totally confused. Which do you want? A hex or an ASCII search tool? I've used UltraEdit to search dd-based image files for hex content before, and use strings or BinText to search for ASCII and Unicode.>>
OK- I see. I would like to search the imaged drive's possible deleted files - slack space or whatever for a file path name "MyDocuments/Images/imagename.bmp" so - I guess that would be an ascii search(?) but how can I search the files marked for overwrite, etc. using an ascii search. Thanks for the reply!
Most forensic analysis tools will let you perform searches of unallocated space, etc.