My friend she told me last week that FTK could not "see" keywords in a plain text files when doing index search. That's very interesting. I used to trust the search results of FTK, and I think there must be something wrong .
I have to do a test to see what's going on. A plain text file named "password.txt" is as below, and its code page is Traditional Chinese Big5.
It makes sense that both FTK and EnCase could hit keyword "密碼" in that plain text file.
Now the test result is not the same as what she told me, could I just say that she is wrong??? No, of course not, the test environment is on the NTFS Volume and I have to do another test on a FAT32 Volume. Guess what??? EnCase could hit the keyword in that plain text file, but FTK failed.
What if the same keyword in a Doc/Docx file on the FAT32 Volume? Now FTK could hit the keyword in the Doc/Docx file.
I try to figure out what's going on here. Correct me if any:
1. FTK supports lots of code page including "Big5".
2. FTK could index and search lots kind of file types including "plain text file".
3. FTK supports so many kind of file systems including "FAT32".
Now my question is:
Why FTK could not hit the keyword in the plain text file whose code page is Big5 lying on FAT32 Volume?
So what the hell is going on??? FTK must "see" the keywords in a plain text file or forensic guys will miss some very important clues like accounts and passwords. It's a very serious problem!
【推荐】还在用 ECharts 开发大屏?试试这款永久免费的开源 BI 工具!
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步