Re: [sleuthkit-users] [OT] Bulk_extractor and SSN's
From: Simson G. <si...@ac...> - 2014-03-11 22:04:11
Version 1.4’s SSN recognizer only recognizes labeled SSNs. Version 1.5 allows you to specify one of three SSN recognition modes:

-S ssn_mode=0   SSN’s must be labeled “SSN:”. Dashes or no dashes okay.
-S ssn_mode=1   No “SSN” required, but dashes are required.
-S ssn_mode=2   No dashes required. Allow any 9-digit number that matches SSN allocation range.

Simson

On Mar 11, 2014, at 3:32 PM, Grundy Barry J TIGTA <Bar...@ti...> wrote:

> My confusion likely stems from the fact that I could not get the scanners to pick up SSN’s. I’m running 1.4.1 (the stable version that I have tested for use in our lab), and I could not find reference to SSN’s and applicable scanners in any reference material on line. The capability is mentioned in several places, particularly wrt pii.txt, but nothing else.
>
> I did not mean for my confusion to confuse you.
>
> I’ll check out the code in 1.5. Thanks.
>
> /*******************************************
> Barry J. Grundy
> Assistant Special Agent in Charge
> Digital Forensic Support Group
> Electronic Crimes and Intelligence Division
> Treasury Inspector General for Tax Administration
> (301) 210-8741 (w)
> (202) 527-5778 (c)
> Bar...@ti...
> ********************************************\
>
> From: Simson Garfinkel [mailto:si...@ac...]
> Sent: Tuesday, March 11, 2014 3:06 PM
> To: Grundy Barry J TIGTA
> Cc: sle...@li...
> Subject: Re: [sleuthkit-users] [OT] Bulk_extractor and SSN's
>
> Hi, Barry.
>
> What do you consider confusing? We’ll try to clear it up.
>
> The SSN detector was cleaned up in version 1.5. You can download the code from the github repo and run it with version 1.4 if you wish. We have created multiple modes for SSN detection which you can set from the command line given the kind of case that you are working.
>
> Simson
>
> On Mar 11, 2014, at 2:27 PM, Grundy Barry J TIGTA <Bar...@ti...> wrote:
>
> Good Afternoon,
>
> Looking for a quick answer, so I thought I’d post here for cross users.
>
> I’ve been using bulk_extractor for awhile, and it works well. I’ve come across an instance where I need to find SSN’s (in the thousands) in an image. While there are other ways to do it, I really like the feature file and histogram output of BE. There’s some very confusing info on the web regarding the ‘accts’ scanner and SSN’s. Is it able to find the numbers or not? It has not worked for me on test files, but I’ve found a number of references that mention it should (The BitCurator Wiki on BE scanners, for example).
>
> I’ve used the “-f [regexp]” option, but was still wondering if there is a built in scanner.
>
> Thanks,
>
> /*******************************************
> Barry J. Grundy
> Assistant Special Agent in Charge
> Digital Forensic Support Group
> Electronic Crimes and Intelligence Division
> Treasury Inspector General for Tax Administration
> (301) 210-8741 (w)
> (202) 527-5778 (c)
> Bar...@ti...
> ********************************************\
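
The three recognition modes listed in the message above, sketched in Python as an added example; this is not bulk_extractor's code and not part of the thread. The regexes, the optional whitespace after the label, and the allocation-range rule (area not 000, 666 or 900-999; group not 00; serial not 0000) are assumptions, and the sample text is constructed.

```python
import re

# Both dashes or none: group 2 captures the optional dash, \2 demands the same again.
_NUM = r"(\d{3})(-?)(\d{2})\2(\d{4})"
_DASHED = r"(\d{3})(-)(\d{2})-(\d{4})"
# Do not match inside a longer run of digits or dashes.
_EDGE_L, _EDGE_R = r"(?<![\d-])", r"(?![\d-])"

# Assumed patterns approximating the three modes; not bulk_extractor's own scanner rules.
MODES = {
    0: re.compile(r"SSN:\s*" + _NUM + _EDGE_R),   # labeled, dashes optional
    1: re.compile(_EDGE_L + _DASHED + _EDGE_R),   # unlabeled, dashes required
    2: re.compile(_EDGE_L + _NUM + _EDGE_R),      # unlabeled, dashes optional
}

def in_allocation_range(area, group, serial):
    """Assumed range rule: area not 000/666/900-999, group not 00, serial not 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"

def find_ssns(text, mode):
    """Return candidate SSNs found under the given mode, normalised to AAA-GG-SSSS."""
    hits = []
    for m in MODES[mode].finditer(text):
        area, _, group, serial = m.groups()
        # The message mentions the range check for mode 2 only, so apply it there.
        if mode == 2 and not in_allocation_range(area, group, serial):
            continue
        hits.append(f"{area}-{group}-{serial}")
    return hits

# Constructed sample text; none of these values come from a real case.
SAMPLE = (
    "Employee record SSN: 123-45-6789 on file\n"
    "label without dashes SSN:078051120\n"
    "unlabeled 219-09-9999 in a memo\n"
    "bare nine digits 457555462 in a table\n"
    "out of range 987654321 and 000123456\n"
    "order number 12345678901 is too long\n"
)

if __name__ == "__main__":
    for mode in sorted(MODES):
        print(f"ssn_mode={mode}: {find_ssns(SAMPLE, mode)}")
```

Running it shows why the mode matters for a given case: mode 0 misses every unlabeled number, while mode 2 picks up bare 9-digit values and therefore depends on the range check to limit false positives.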