[sleuthkit-users] Regex in Keyword Lists

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I must be missing something obvious, but I can’t seem to make regex based
keyword searches work in Autopsy 3.1.0 (running on Windows 8).  In the
Advanced Keyword Search Configuration Dialog, the “Regular Expression”
checkbox is greyed out and won’t allow you to select it.  I tried to work
around it by manually editing the the xml and then importing the list.
When I do that, it shows up in the keyword list with the RegEx box
checked, but it doesn’t seem to actually return any results.  Granted, I’m
trying to do a somewhat complicated query:

 Foo((\s{1,3}(?:[a-zA-Z\-\.]{1,} ?){0,2}\s)|\s{1,3})Bar

…”Bar" within 3 words after “Foo”.  But even simple regex entered in to
the Keyword Search bar doesn’t seem to return results properly.

Suggestions?

Thanks,
Josh