sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/

Different character encodings #129

Open hping opened 11 years ago

hping commented 11 years ago

It would be quite nice to have Autopsy support other character encodings, such as different setups of EBCDIC, and also to be able to control which encoding is used. For instance, 'Latin - Extended' doesn't really say what's used in the background.

bcarrier commented 11 years ago

Can you help scope out this feature? There are two places that Autopsy uses script information. One is with keyword indexing. For files where the format is not known, we run our internal version of 'strings' on it and it knows about things beyond just Latin characters. The check boxes in the Keyword search config represent the Unicode spaces. Perhaps we should better note that.

The other place is that once you've selected a file, there is a strings viewer on the bottom right (that uses the same code as the keyword search code). It also allows you to run strings of a single script on the text.

Are you basically saying that you want EBCDIC added as a supported encoding?
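
An added illustration of the request discussed above (not Autopsy or Sleuth Kit code, and not part of either comment): a small strings-style extractor run over the same buffer with an ASCII codec and two EBCDIC code pages, showing why the choice of encoding and of EBCDIC variant changes what an examiner sees. The function names and the sample buffer are constructed for this example; `cp037` and `cp500` are the EBCDIC codecs shipped in Python's standard library.

```python
"""Encoding-aware 'strings' over a raw buffer (constructed sample data)."""

MIN_LEN = 4  # shortest run reported, as in the classic strings tool


def decode_table(codec: str) -> list[str]:
    """Map each of the 256 byte values to its character under a single-byte codec."""
    return [bytes([b]).decode(codec, errors="replace") for b in range(256)]


def extract_strings(data: bytes, codec: str, min_len: int = MIN_LEN) -> list[str]:
    """Return runs of at least min_len bytes that decode to printable ASCII characters."""
    table = decode_table(codec)
    found, run = [], []
    for byte in data:
        ch = table[byte]
        if " " <= ch <= "~":
            run.append(ch)
            continue
        if len(run) >= min_len:
            found.append("".join(run))
        run = []
    if len(run) >= min_len:  # flush a run that reaches the end of the buffer
        found.append("".join(run))
    return found


def scan(data: bytes, codecs=("ascii", "cp037", "cp500")) -> dict[str, list[str]]:
    """Run the extractor once per codec so the results can be compared side by side."""
    return {codec: extract_strings(data, codec) for codec in codecs}


# Constructed sample: binary padding, one ASCII string, one EBCDIC (code page 500) string.
SAMPLE = (
    b"\x00\x01" + "config.sys".encode("ascii") + b"\xff\x00"
    + "USER=ADMIN [PROD]!".encode("cp500") + b"\x00"
)

if __name__ == "__main__":
    for codec, strings in scan(SAMPLE).items():
        print(f"{codec:6} {strings}")
```

The ASCII pass misses the EBCDIC record entirely, and decoding it with code page 037 instead of 500 breaks the string at the bracket characters, which is the kind of ambiguity the request to control the encoding is about.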