Searching for keywords within files
With many investigations it is necessary to search for certain keywords within files. CnW has the tools to do this, and a search can be carried out at the same time as a data recovery. Each file, as it is saved is searched, and the results are stored in the main log.
This an optional feature of the commercial and forensic packages only.
To select keywords to search for, there is a selection button on the configuration screen of each media type. When selected, the screen below is displayed
To create a new table, enter the name in the ‘New table name’ and select Add new table.
Once the table has been created, strings may be added by the ‘Add entry’ function, in which case the dialog box below will be displayed. The string may then be entered in ASCII or Hex. (A non printing hex character will be displayed as a ‘.’)The strings may searched for in any combination of normal 8 bit characters, or Unicode. The searching can be case sensitive or case ignore. Up to 100 strings, with a length of 60 characters may be searched for at any time.
The string searching is performed as a separate program thread, so on a multi-core PC, there should be no noticeable slowing of the system do to the searching.
The results are stored in the main log, under the Search in Files tag
Processing of keywords
Most analysis of keywords will be via the log. If a keyword entry is double clicked, a hex image of the file will be displayed, and the first instance will be high lighted. (This is true for files upto 8MB in length).
The second way to view a summary is via the forensic report. There is an entry that displays the keyword, the number of files it has been found in, and the total number of times the word or string has been found.