Has anyone successfully searched a binary dump of a mobile phone using Cellebrite PA or XACT with a regular expression for the Unicode code points?
The following should hit a range of all the code points and find a single instance, but it raises errors:
\x{0600}-\x{06FF}
Searching like the below provides too many hits and false positives:
\x06[\x00-\xFF]{4,8}
I'm looking for possible deleted Arabic contacts and do not have a name to provide the search engine. I know I'm just not getting it right.
Any suggestions at all would be welcome - including using EnCase or if you have a list of a number of Arabic names in a text file I could import.
I'm frustrated with my Goog searches x
I've just tried writing something similar to this "in the right way" for Latin Unicode characters in XACT. Infuriating.
Best I can come up with for you at the moment is:
(\x06[\x00-\xFF]){3,15}
This should work for UTF-16 big endian (swap the range and the \x06 byte around for little endian) and captures groups between 3 and 15 characters in length - you might need to play with this.
This is in XACT - make sure you turn greedy matching on.
Of course, if the text is encoded as UTF-8 or with a Windows code page, you'll not hit on this. I've got another theory I might try as well; I'll let you know if it's successful!
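An added example, not part of either post above: a Python sketch, run against an exported dump outside PA/XACT, that searches for runs of 3 to 15 code points from U+0600-U+06FF in UTF-16 BE, UTF-16 LE and UTF-8, then drops runs that do not decode to letters to cut the false positives. It goes beyond the UTF-16 case in the reply; the sample bytes, the names in them and the letter-only filter are constructed assumptions, and Windows code pages are not covered.

```python
import re
import unicodedata

MIN_CHARS, MAX_CHARS = 3, 15  # run length suggested in the reply above

# One encoded code point from U+0600-U+06FF, per encoding.
# In UTF-8 the block is lead byte D8-DB followed by one continuation byte.
UNITS = {
    "utf-16-be": rb"\x06[\x00-\xFF]",
    "utf-16-le": rb"[\x00-\xFF]\x06",
    "utf-8": rb"[\xD8-\xDB][\x80-\xBF]",
}
PATTERNS = {
    enc: re.compile(rb"(?:" + unit + rb"){%d,%d}" % (MIN_CHARS, MAX_CHARS))
    for enc, unit in UNITS.items()
}

def looks_like_name(text):
    """Heuristic (assumption): starts with a letter, only letters/combining marks."""
    cats = [unicodedata.category(ch) for ch in text]
    return cats[0].startswith("L") and all(c[0] in "LM" for c in cats)

def scan(dump):
    """Return sorted (offset, encoding, text) candidates found in the raw bytes."""
    hits = []
    for enc, pattern in PATTERNS.items():
        for m in pattern.finditer(dump):
            text = m.group().decode(enc, errors="replace")
            if looks_like_name(text):
                hits.append((m.start(), enc, text))
    return sorted(hits)

# Constructed sample dump: three names in three encodings, plus a byte run
# (06 01 06 02 06 03) that matches the raw pattern but is not text.
SAMPLE = (
    b"\x00\x11junk" + "\u0645\u062d\u0645\u062f".encode("utf-16-le") + b"\x00\x00"
    + b"\x06\x01\x06\x02\x06\x03" + b"\xff\xff"
    + "\u0623\u062d\u0645\u062f".encode("utf-8") + b"\x00"
    + "\u0641\u0627\u0637\u0645\u0629".encode("utf-16-be") + b"\xff"
)

if __name__ == "__main__":
    for offset, enc, text in scan(SAMPLE):
        print(f"0x{offset:08x}  {enc:<9}  {text}")
```

The same bytes can match both UTF-16 byte orders one byte apart, so treat each hit as a candidate and confirm the alignment against the surrounding record in the dump.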