Tip
For help using the Bulk Extractor Viewer, please see the Bulk Extractor Viewer tutorial.

Overview

BitCurator can help you locate and explore specific types of information in your disk image; this feature both allows you to

...

Before pressing the "Start bulk_extractor" button in the Bulk Extractor Viewer, you have the option of including or excluding a variety of scanners in the Bulk Extractor reports, via the checkboxes on the right side of the page (i.e. after completing Step 6 of the Bulk Extractor tutorial). Note that there is not necessarily a one-to-one relationship between scanners (toggled on or off) and the reports produced. For example, the pii.txt report, although it is currently only written to by the "Accounts" scanner, will not necessarily only contain PII from credit cards and SSNs. Multiple scanners might write to the same feature file: the "exif" scanner searches the file formats used by digital cameras, finds GPS coordinates in images, and writes those findings to the output file gps.txt; a separate scanner, the gps scanner, searches Garmin Trackpoint data, also finds GPS coordinates, and writes them to gps.txt [1]. Additionally, many of the scanners produce a histogram file in addition to the main output file; for example, the email scanner generates "email_histogram.txt" in addition to "email.txt".
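To show how a histogram file relates to its feature file, the following added example (not part of BitCurator or bulk_extractor) tallies a feature file into histogram rows. It assumes the tab-separated feature-file layout (offset, feature, context, with `#` comment lines) and the `n=<count>` histogram line format; the sample lines and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the assumed feature-file layout:
# offset <TAB> feature <TAB> context. Lines starting with '#' are comments.
SAMPLE_EMAIL_TXT = (
    "# constructed sample header\n"
    "1024\talice@example.org\tFrom: alice@example.org\n"
    "20480\tbob@example.org\tTo: bob@example.org\n"
    "31337-GZIP-512\tAlice@Example.org\tcc: Alice@Example.org;\n"
    "40960\talice@example.org\treply-to alice@example.org\n"
)


def parse_features(text):
    """Yield (offset, feature, context) tuples, skipping comments and bad lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t", 2)
        if len(parts) < 2:
            continue  # malformed line: no feature column
        context = parts[2] if len(parts) == 3 else ""
        yield parts[0], parts[1], context


def histogram(text, fold_case=True):
    """Count occurrences of each feature, most frequent first.

    fold_case merges addresses that differ only in capitalisation
    (a choice made for this example).
    """
    counts = Counter(
        (feat.lower() if fold_case else feat) for _, feat, _ in parse_features(text)
    )
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def format_histogram(rows):
    """Render rows in the assumed histogram layout: n=<count> <TAB> feature."""
    return "\n".join(f"n={n}\t{feat}" for feat, n in rows)


def recursive_hits(text):
    """Features whose offset is a path such as 31337-GZIP-512, i.e. the hit
    was found inside decoded data rather than at a raw image offset."""
    return [(off, feat) for off, feat, _ in parse_features(text) if "-" in off]


if __name__ == "__main__":
    print(format_histogram(histogram(SAMPLE_EMAIL_TXT)))
```
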

...

  1. http://digitalcorpora.org/downloads/bulk_extractor/BEUsersManual.pdf
  2. https://forensicswiki.xyz/wiki/index.php?title=Bulk_extractor
  3. //digitalcorpora.org/downloads/bulk_extractor/doc/2013.COSE.bulk_extractor.pdf
  4. https://raw.github.com/simsong/bulk_extractor/master/doc/programmer_manual/BEProgrammersManual.tex
  5. https://web.archive.org/web/20170705220707/http://www.acmetech.com/documentation/credit_cards/magstripe_track_format.html
  6. https://en.wikipedia.org/wiki/Rijndael_key_schedule
  7. https://en.wikipedia.org/wiki/Base16
  8. https://en.wikipedia.org/wiki/Base64
  9. https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
  10. http://en.wikipedia.org/wiki/Exchangeable_image_file_format
  11. http://helpdeskgeek.com/windows-vista-tips/delete-remove-hiberfil-sys/
  12. https://en.wikipedia.org/wiki/JSON
  13. https://en.wikipedia.org/wiki/Kml
  14. https://en.wikipedia.org/wiki/Network_packet
  15. http://wiki.wireshark.org/Development/LibpcapFileFormat
  16. https://en.wikipedia.org/wiki/Rar
  17. https://en.wikipedia.org/wiki/Vcard
  18. http://technet.microsoft.com/en-us/library/cc766093%28v=ws.10%29.aspx
  19. http://windows.microsoft.com/en-us/windows-vista/what-is-the-prefetch-folder