Common problems of indexers

 

(1) Creating the indexes takes hours, sometimes even a day.

(2) Some indexers need to recalculate their indexes whenever data on the hard disk changes.

(3) Only supported document types (primarily PDF, XML, HTML, Unicode, and email) can be indexed.

Existing Indexers suitable for network forensics

 

(1) dtSearch -> http://www.dtsearch.com/CS_EvidentData.html

(2) Index Engines -> http://www.indexengines.com/product_integration.htm

This is a real-time indexer that can index data across a network of computers. The indexes are updated in real time whenever files on the hard disks change.

It indexes at 2 gigabits per second. Furthermore, the optimized indexes occupy only 8% of the total size of the data indexed.

(3) Swish-e indexing -> Customizable and open source; it supports many document types and provides an easy output interface in the form of web pages.

Some References

 

A Quick Introduction to Network Forensics

http://acmqueue.com/modules.php?name=Content&pa=showpage&pid=162&page=2

 

This article introduces an approach that uses the Apache server to log more efficiently.

Computer Forensics – The Key to solving crimes

 http://faculty.ed.umuc.edu/~meinkej/inss690/oseles_2.pdf