Regular expressions (also known as "regex") are special strings that represent a pattern to be matched in a search operation, and they can be particularly useful in mobile and computer forensics investigations.
One of the ways we help investigators find and focus on relevant evidence is by letting them bring in their own set of keywords, written either as substrings or as regular expressions. ADF forensic tools also implement regular expression keywords in our trace captures and keyword lists. So what makes regular expressions different from regular keywords?
Use Regular Expressions to Pinpoint Relevant Digital Evidence
Regular expressions are special strings representing a pattern to be matched in a search operation. The rules for matching text are expressed with metacharacters, quantifiers, or plain text. In other words, the string itself defines what to match.
Using Regular Expressions to Search Numerical Patterns
There are many uses and possibilities for regular expressions. One use is for random numerical strings, such as:
- Credit Card numbers
- Social Security numbers
- Telephone numbers
When a pattern is known, regular expressions can be used to look for that pattern. Knowing the pattern and how credit card numbers are displayed, an investigator can use a regular expression to locate the many possible variations.
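As an added illustration (not ADF's code, and not the keyword syntax of any ADF product), the Python sketch below searches extracted text for card-number candidates written with spaces, hyphens, or no separators. It goes one step beyond the text by running the Luhn checksum on each hit so that look-alike digit runs can be deprioritized; the names CARD_RE, luhn_ok and find_card_candidates and the sample text are constructed for this example.

```python
import re

# Candidate card numbers: 13 to 19 digits, each optionally preceded by a
# single space or hyphen, and not embedded in a longer run of digits.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_candidates(text: str) -> list:
    """Return every pattern hit with its offset and Luhn result."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        hits.append({
            "offset": m.start(),          # position in the searched text
            "raw": m.group(),             # the hit exactly as it was written
            "luhn_valid": luhn_ok(digits),
        })
    return hits

# Constructed sample text. The first three values are publicly documented
# test card numbers; the fourth is a 16-digit run that fails the checksum.
SAMPLE = (
    "Paid with 4111 1111 1111 1111 on file.\n"
    "backup card: 5500-0000-0000-0004\n"
    "amex 3782-822463-10005 exp 01/30\n"
    "tracking no 1234567890123456\n"
    "phone 555-0100\n"
)

if __name__ == "__main__":
    for hit in find_card_candidates(SAMPLE):
        print(hit)
```

A hit that fails the checksum is still reported with its offset, so the examiner decides whether it is relevant rather than the pattern silently dropping it.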
Using Regular Expressions to Search Word Patterns
The same is true for word patterns. Take, for example, looking for any files or documents with the LS moniker. There are many names under the LS Studio moniker, including LS Model, LS Mag, LS Magazine, LS girl, LS island, and more. Using a regular expression, one string can replace numerous regular keywords.
Get help using regular expressions via the ADF Knowledge Base or the ADF User Guides, which also include a RegEx cheat sheet. There are also many third-party YouTube tutorials to help you get started with regular expressions generally.
Mobile Device Investigator, Digital Evidence Investigator, Triage-Investigator, Triage-G2 and the ADF PRO products are built on the same intelligent forensic search engine and are designed with rapid scan capabilities. ADF tools focus on automation and ease of use for deployment to both field investigators and lab examiners.
Our focus is collecting forensic artifacts fast, which is why we've been both a pioneer and leader in forensic triage and automated investigations for 15+ years. This technology enables non-technical investigators to deploy triage tools which maintain chain of custody and stay within the search parameters defined by forensic examiners. In short, we enable our users to find and focus on the relevant evidence quickly.
Using regular expressions helps investigators speed up fraud, ICAC and human trafficking investigations.