Indexing and Searching
To assist with rapid evidence identification, we have added a high-performance, full-featured text search engine to NetAnalysis® v2. The following data types are added to the search index:
Many web browsers maintain their own index to assist with searching (such as Google Chrome c2Body, Apple Safari Lucene Index or Opera Blink Stash). NetAnalysis® can extract the original data from these search databases.
During web page rebuilding, NetAnalysis® extracts the text from web pages by stripping HTML code, CSS and script, leaving behind the content of the page. This data is then written out for indexing and searching.
Some browsers store HTTP entity body information. This data can contain a wide variety of information that may be of interest in an investigation, so it is written out for indexing and searching.
Once the user has created an index, it can be easily searched.
The above window shows a search for the words “cocaine” and “mdma”. NetAnalysis® looks up the corresponding words or phrase in the search index and presents a search hit list to the user. Each row represents a single file and shows the user where the search hit is located. The user can easily jump from a search hit back to the original source URL record.
It is a simple process to review all the search hits in context as they are displayed in the lower panel.
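The extract, index and search workflow described above, as an added Python example: it strips HTML, CSS and script from cached pages, indexes the remaining text, and returns each hit with its context and source URL record. This is not NetAnalysis® code and does not show how the product is implemented; the record layout, URLs, function names and search term are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Collect page content, skipping the bodies of <script> and <style>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip and data.strip():
            self.parts.append(data.strip())

def extract_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(parser.parts)

def build_index(records):
    """records: {record_id: (source_url, html)} -> (inverted index, extracted texts)."""
    index, texts = defaultdict(dict), {}
    for rid, (_url, html) in records.items():
        texts[rid] = extract_text(html)
        for m in re.finditer(r"\w+", texts[rid].lower()):
            index[m.group()].setdefault(rid, []).append(m.start())
    return index, texts

def search(index, texts, records, term, width=20):
    """Return (record_id, source_url, context) per hit so a hit maps back to its record."""
    hits = []
    for rid, positions in sorted(index.get(term.lower(), {}).items()):
        for pos in positions:
            context = texts[rid][max(0, pos - width): pos + len(term) + width]
            hits.append((rid, records[rid][0], context))
    return hits

# Constructed sample cache records (hypothetical, not real evidence data).
RECORDS = {
    1: ("http://example.test/a", "<html><style>p{color:red}</style><body><p>Wire transfer "
        "sent &amp; confirmed</p><script>var transfer=1;</script></body></html>"),
    2: ("http://example.test/b", "<body><h1>Weather</h1><p>No transfer here? Yes: Transfer.</p></body>"),
}
```

The word "transfer" inside the script block of record 1 is never indexed, so a hit list built this way reflects only content the page presented as text.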