A Term Distribution Visualization Approach to Digital Forensic String Search
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Forensic investigations focus on searches of files or portions of files. These portions may come from active or deleted files, slack space, or unallocated space. Matters become more complicated with distributed file systems or large hard disks, which place further, and often unjustifiable, demands on processing power. Some forensic analysts enhance the effectiveness of their work with extremely powerful but complex tools such as grep (Global Regular Expression Print). Developed in the early 1970s, grep searches its input for lines matching a regular expression; applied to a raw disk image rather than to individual files, it can locate words or word fragments anywhere on the medium, including slack and unallocated space. Regular expressions are so effective that even automated tools such as EnCase and FTK make broad use of them, although their power depends strongly on the technical expertise of the user.
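As an added illustration of the grep-based search the abstract describes (this is not code from the paper), the script below plants two word fragments at known byte offsets in a constructed, otherwise all-zero 4 KiB image standing in for unallocated space, runs a case-insensitive regular-expression search over the raw image with GNU grep, and buckets the hits per 512-byte sector. The per-sector counts are the raw material for the kind of term-distribution view the paper proposes. It assumes GNU grep's `-a -o -b` semantics (treat binary as text, print only the match, prefix the match's byte offset); the image contents and offsets are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the paper: regex search over a raw image with grep,
# reporting byte offsets and bucketing hits per 512-byte sector.

make_image() {
  # Constructed 4 KiB image: eight zero-filled sectors ("unallocated" space)
  # with two text fragments planted at byte offsets 100 and 3000.
  img="$1"
  dd if=/dev/zero bs=512 count=8 of="$img" 2>/dev/null
  printf 'invoice-2008.pdf' | dd of="$img" bs=1 seek=100 conv=notrunc 2>/dev/null
  printf 'INVOICE draft'    | dd of="$img" bs=1 seek=3000 conv=notrunc 2>/dev/null
}

search_image() {
  # $1 = image path, $2 = extended regular expression.
  # -a  treat the binary image as text instead of reporting "binary file matches"
  # -o  print only the matching part, not the whole (here: 4 KiB) "line"
  # -b  prefix each match with its 0-based byte offset in the image
  # -i  case-insensitive, so "invoice" and "INVOICE" both hit
  # Output lines look like "100:invoice".
  grep -a -o -b -i -E "$2" "$1"
}

sector_histogram() {
  # Count matches per 512-byte sector (offset / 512) and print "sector count",
  # sorted by sector: the one-dimensional term distribution across the medium.
  search_image "$1" "$2" \
    | awk -F: '{ s = int($1 / 512); h[s]++ } END { for (k in h) print k, h[k] }' \
    | sort -n
}

# Stand-alone demonstration: search the constructed image for "invoice".
demo_img=$(mktemp)
make_image "$demo_img"
echo "matches (offset:text):"
search_image "$demo_img" 'invoice'
echo "hits per sector:"
sector_histogram "$demo_img" 'invoice'
rm -f "$demo_img"
```

On the constructed image the search reports `100:invoice` and `3000:INVOICE`, and the histogram shows one hit in sector 0 and one in sector 5. On a real image the pattern would typically be a word fragment or a tolerant expression such as `inv[o0]ice`, and the histogram would be drawn rather than printed.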