Keyword search in compressed Office Document

A place to ask the community for help with using Autopsy.

Moderator: carrier

Keyword search in compressed Office Document

Postby leonard21 » Tue Feb 07, 2017 10:17 am

Hello,

I'm a newbie with Autopsy and I try to exercise myself on keywords search.
Unfortunately in my case I've got some Microsoft Office Documents (docx, xlsx, mime type : application/vnd.openxmlformats-officedocument...) for which no search of keywords are done.
Autopsy doesn't show this files in Archives/compressed area and doesn't find any keywords of my list (I'm sure that this documents contain the right keywords).
Can I have any help ?
leonard21
 
Posts: 1
Joined: Tue Feb 07, 2017 7:52 am

Re: Keyword search in compressed Office Document

Postby Hoyt » Sat Mar 11, 2017 3:53 pm

How are you running those keyword searches? If you're running from the Keyword Search Bar at the top right of the UI and you haven't ran the Keyword Search module, then the Solr index hasn't yet been created and your searches won't work as expected.

It sounds like you've already ran the Embedded File Extraction Module. If not, run that first. After that, you can either build your keywords as a list in configuration settings (Tools > Options > Keyword Search) and then run the ingest module, or run the ingest module (even with no lists selected) to generate the Solr index. As long as embedded files have been expanded and the Solr index exists, either the Keyword Search module or the Keyword Search Bar should work for you. You can configure Keyword search, then run all pertinent modules at the same time, of course. I'm explaining them linearly so it makes sense (hopefully).

Hoyt
Hoyt
 
Posts: 51
Joined: Thu Dec 11, 2014 4:02 am
Location: Little Rock, AR


Return to Autopsy Troubleshooting

Who is online

Users browsing this forum: No registered users and 1 guest