I've got an interesting issue that I'm tackling with that I thought I'd throw out to the group for discussion. I'm going to Japan to perform forensic imaging and analysis of several laptop PC's. I'm assuming that aside from power conversion and a few other idiosyncrasies, the imaging piece will not be a problem. A few more details, these machines will be Windows 2000 laptops, most likely imaged using EnCase or dd. I'll have the ability to run either EnCase or FTK Forensic Suites against it the images as well as all of the freely available command line tools. Linux is a possibility as well. The interesting piece comes into the analysis portion. Of interest will be e-mail, files, and deleted space. I was wondering if anyone had any experience performing key word (or grep) searches and other types of analytics in Kanji (Japanese) or another language that does not use English-like characters. I do not think you can type Japanese terms into EnCase. I'm also guessing FTK's DTSearch Indexing function will not allow me to index in Kanji. Command line tools, I imagine will depend on the interface. Some ideas so far . . . feel free to add: - The e-mail will be in .pst files. Therefore, I should be able to mount it in a Japanese configured PC, with Outlook so that a Japanese person can read through the e-mails. FTK may also be able to parse the e-mail assuming the character sets are installed on the analysis PC. - I could use a Win32 port of grep on a Japanese configured PC. - Ontrack PowerDesk has a halfway decent search utility I could run on a Japanese PC. - I could use a Japanese PC to convert the sought after words to Hex and then run those searches in EnCase. Any other ideas/experiences? Thanks. -DB Douglas W. Barbin, CISSP, CFE Principal Consultant W: 925.945.8093 E-Fax: 240.331.6030 M: 415.806.4064 528-C North Civic Drive Walnut Creek, CA 94596 www.guardent.com PGP: 64CB ACA8 0474 B9AF 1B24 6756 FA80 A274 55A3 4122 ______________________________________________________ G U A R D E N T Enterprise Security and Privacy Programs ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Mar 31 2002 - 10:02:45 PST