SANS Digital Forensics and Incident Response Blog: Tag - string searching

Digital Forensic SIFTing: String Searching and File Carving using srch_strings_wrap

The latest version of the SANS Investigative Forensic Toolkit (SIFT 2.12) contains a few scripts I wrote, and Rob asked me to write a post for the blog going over their functionality. The scripts add on to the functionality provided by The Sleuth Kit's srch_strings to provide additional information on string matches and automatically carve …


Data reduction redux and map-reduce

A few days ago I wrote a post about applying the principle of least frequent occurrence to string searches in forensics. This post will discuss how long that process may take and at the end, will show some significant ways to speed up the process. In the previous post I used the following compound command …