Re: [sleuthkit-users] Autopsy 3.0.8 : Keyword Research ineffective
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy 3.0.8 : Keyword Research ineffective
|
From: Brian C. <ca...@sl...> - 2013-12-20 14:28:45
|
Hi Philippe, What keyword are you searching for and what do you expect it to match on? The current search is exact match, meaning that if you search for "top" it will only find instances of "top" and not "autopsy". We're working on changing the UI to make substrings easier. Currently, you need to choose the keyword as "regular expression" and use the term ".*top.*" in that case. Does that solve the scenario you are talking about or are you missing an exact match? thanks, brian On Dec 13, 2013, at 5:11 AM, Philippe Jourdin <pjo...@pa...> wrote: > Hello, > > I have generated a DD file on a Ubuntu 10.04 VM. (dd if=/dev/sdb1 of=/usr3/essai3.dd) > /dev/sdb1 is EXT3. > > I get 1G file. Then I transfer (Binary copy) it to my Windows XP(SP3) disk. > > When Autopsy ingest this file, there is no Keyword hits detected although : > > - I KNOW there is a witness non-deleted file which contains a keyword I record in Autopsy Keyword Hits. > - I could list and display my witness file on Autopsy Data Sources tree > > Is somebody known this problem ? > > Many thanks > Regards > > Philippe JOURDIN > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
