dtSearch in e-Forensics
e-Forensics
(a.k.a. digital or electronic forensics) involves
searching electronically stored information (ESI),
usually as part of a criminal investigation. Files
may have been renamed, deleted or corrupted. In
forensic applications, complete and accurate results
are critical. dtSearch incorporates a filtering option
for unrecognised ('binary') files, which improves
completeness and accuracy; without it, investigators
would probably miss much of the useful data in
the files they are searching.
Automatic Recognition of Dates, Email Addresses, and Credit Card Numbers
dtSearch
can automatically recognize dates, email addresses,
and credit card numbers, and search for these
items by type. Through this feature, dtSearch
can, for example, search for a credit card number
regardless of how it may be formatted, or search
for a range of dates even if the dates are expressed
in different text formats (January 15, 2005, through
2/19/07). dtSearch can also extract all dates,
emails and credit card numbers from a collection
of documents.
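The idea of searching by type rather than by literal text, shown as an added example (not dtSearch's code or algorithm): card numbers are matched regardless of spaces or hyphens and checked with the Luhn checksum, and two date formats are normalised so a date range can be searched. The sample text, regular expressions and function names are assumptions constructed for this illustration.

```python
import re
from datetime import date, datetime

# Constructed sample text; the first two card numbers are public test numbers.
SAMPLE = (
    "Paid with 4111 1111 1111 1111 on January 15, 2005. "
    "Refund to 5500-0000-0000-0004 issued 2/19/07. "
    "Order ref 1234 5678 9012 3456 logged 3/1/08."
)

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Two textual date forms: "January 15, 2005" and "2/19/07" (US month/day order assumed).
LONG_DATE_RE = re.compile(r"\b([A-Z][a-z]+ \d{1,2}, \d{4})\b")
SHORT_DATE_RE = re.compile(r"(?<![\d/])(\d{1,2}/\d{1,2}/\d{2})(?![\d/])")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list[str]:
    """Return digits-only card numbers that pass Luhn, whatever their formatting."""
    hits = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [h for h in hits if luhn_ok(h)]


def find_dates(text: str) -> list[date]:
    """Return every recognised date as a datetime.date, sorted."""
    found = [datetime.strptime(s, "%B %d, %Y").date() for s in LONG_DATE_RE.findall(text)]
    found += [datetime.strptime(s, "%m/%d/%y").date() for s in SHORT_DATE_RE.findall(text)]
    return sorted(found)


def dates_in_range(text: str, start: date, end: date) -> list[date]:
    """Date-range search over normalised values, independent of text format."""
    return [d for d in find_dates(text) if start <= d <= end]
```

The 16-digit order reference in the sample is dropped because it fails the checksum, which is how a type-aware search avoids reporting every long digit run as a card number.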
Encrypted and Corrupted Files
After
an index completes, you can click "View Log"
to see a report that will include information
on any encrypted or unreadable files that the
indexer could not process. This report can be
accessed at any time in the index folder in the
file Index_LastUpdateErrors.html. The report indicates
which files were (a) encrypted, (b) corrupt, (c)
partially encrypted, and (d) partially corrupt.
Partially encrypted or corrupt files are files
that could be indexed in part but that included
some encrypted or corrupt data (for example, an
email with an encrypted attachment).
To
index encrypted PDFs, make a temporary, decrypted
copy of the encrypted files, index the decrypted
copy, and then replace the temporary decrypted
copy with the encrypted versions. This one-time
decryption is sufficient for dtSearch operation.
dtSearch does not need to decrypt the PDF files
to search and display them with highlighted hits
once the original index is complete.
Features of special interest in forensics include:
- Ability to export files
- Ability to produce a KWIC (key word in context) report
- Built-in WordNet thesaurus for concept searching (synonyms and related words)
- Support for heterogeneous language environments for international organisations and other mixed-language network users (including Unicode support)
- Macros enable you to save complex search requests such as regular expressions