Re: [sleuthkit-users] Regular Expressions
From: Derrick K. <dk...@gm...> - 2016-11-14 18:59:30
I tend to go with Zawinski/Lundh's mantra on this one... 'Some people, when confronted with a problem, think “I know, I'll use regular expressions.” Now they have two problems.' xD

Seriously though, I used to write a lot more regexes, especially for things like email addresses, credit cards, and credit card track 2 data, but that's all built in to the latest Autopsy! Yay!

My only comment is that I tend to gravitate towards Perl-style regex vs. POSIX (i.e. "\s" vs. "[:space:]") and am often searching through fixed column formats for stuff, i.e. looking at webserver or system logs where the date would be "Nov\s\s09" or "Nov\s10". If it's anything else, like looking for a phone number, then I'll tend to do whole word searches from an index (i.e. "555-1212") or a "\s?\d{3}-\d{4}" regex to find it.

Derrick

On Mon, Nov 14, 2016 at 11:09 AM, Brian Carrier <ca...@sl...> wrote:
> Autopsy currently has a limitation when searching for regular expressions, that spaces are not supported. It’s not a problem for Email addresses and URLs, but becomes an issue for phone numbers, account numbers, etc. This limitation comes from using an indexed search engine (since spaces are used to break text into tokens).
>
> We’re looking at ways of solving that and need some guidance.
>
> If you write your own regular expressions, can you please let me know and share what they look like. We want to know how complex the expressions are that people use in real life.
>
> Thanks!
> ------------------------------------------------------------------------------
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
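
The tokenization limitation described in the quoted message, run against the three patterns from the reply, as an added example that is not part of either message and is not Autopsy's code. It assumes a plain whitespace split as a stand-in for the index tokenizer, and the sample log lines are constructed.

```python
import re

# Constructed sample text; not taken from the thread.
SAMPLE = (
    "Nov  09 03:12:44 web01 httpd: GET /index.html 200\n"
    "Nov 10 11:02:01 web01 httpd: contact 555-1212 for access\n"
)

# Patterns quoted in the reply above.
PATTERNS = [r"Nov\s\s09", r"Nov\s10", r"\s?\d{3}-\d{4}"]


def tokenize(text):
    """Assumed tokenizer: break text into tokens on whitespace."""
    return text.split()


def raw_hits(pattern, text):
    """Match against the unbroken text, whitespace included."""
    return [m.group(0) for m in re.finditer(pattern, text)]


def term_hits(pattern, text):
    """Match each token on its own; a hit can never span two tokens."""
    rx = re.compile(pattern)
    return [m.group(0) for tok in tokenize(text) for m in rx.finditer(tok)]


def missed_by_index(pattern, text):
    """Raw-text hits that no single token reproduces."""
    found = set(term_hits(pattern, text))
    return [h for h in raw_hits(pattern, text) if h.strip() not in found]


def report(text=SAMPLE, patterns=PATTERNS):
    """Map each pattern to the hits a token-level search would lose."""
    return {p: missed_by_index(p, text) for p in patterns}


if __name__ == "__main__":
    for pattern, missed in report().items():
        status = "lost by token search" if missed else "found by token search"
        print(f"{pattern!r:22} {status}: {missed}")
```

The two fixed-column date patterns require whitespace inside the match, so they are lost once the text is split; the phone pattern survives because its `\s?` is optional and the digits sit inside one token.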