EnCase v7 could not recognize Chinese character folder names / file names on Linux Platform
Last week my friend brought me an evidence file duplicated from a Linux server, which distribution is CentOS 5.0 and the i18n is zh-tw. She wanna know whether there is any malware on this Linux server or not. OK. Let‘s get to work. I add this evidence and do Evidence Process. Guess what??? EnCase could not recognize Chinese character folder names / filenames, and those folder names / filenames become Hieroglyphics. I am very disappointed and don‘t know what to say to my friend... I guess I have to explain why EnCase may need night vision goggles when examining Linux platform evidence files. It‘s too ridiculous!
Needless to say, my friend also could not believe the #1 forensic tool - EnCase should have problems like that. Fortunately I still have another options like FTK or X-Ways Forensics to take over this case. You guys could take a look at screenshot below. I mount these evidence files by using FTK Imager Lite. You could see the Chinese character folder names / filenames now. I‘d like to remind you that FTK Imager Lite is a free tool...
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。