11/6/2022: Hash values of files sent via MMS can vary
Multimedia Messaging Service is used by cell phones to send video, audio and multiple images. It contrasts with Short Message Service that can only send text up to 160 characters in a message. Unlike other files collected from a mobile device, images sent on separate occasions via MMS can have different hash values. A study conducted by researchers at Purdue University concluded that, ” While the results for the majority of tests were uniform, the hash values reported for data objects transferred via Multimedia Messaging Service (MMS) were variable.” Shira Danker, Rick Ayers, and Richard P. Mislan, Hashing Techniques for Mobile Device Forensics, 3 Small Scale Digital Device Forensics J. No. 1 (June 2009).
The study shows that the same JPEG file sent via MMS on different devices at different times would have an entirely different hash value.
11/11/2022 – Regular expression search to find lines beginning with same characters
You can run a Regex search which will find consecutive lines that begin with the same characters. This search:
^((.{10}).*)(?:\r?\n\2.*)+
. . . will check the first 10 characters at the beginning of a line and check to see if the same 10 characters appear at the start of the next line.
. . . adding $1 in the replace window will remove each duplicate line.
11/19/22 – Outlook search anomalies – a limit of 250 hits, 1050, or more?
Running searches in Outlook is not necessarily a straightforward affair. You can use standard Boolean operators when running a search:
A search for: law firm will return any messages which include both terms.
A search for: law, firm will return any messages which include either term.
A search for: law OR firm will return any messages which include either term.
A search for: law AND firm will return any messages which include both terms.
A search for: “law firm” will return any messages which include this phrase.
See confirmation on this here. Note that when you run a search for “law, firm” in the standard Find tool accessed in the Inbox, it will be run as an ‘AND’ Boolean search, law AND firm, BUT a search for “law, firm” in Advanced Find acts as an ‘OR’ Boolean search, breach OR report.
Entering a search term in Outlook without an asterisk, will run a wildcard search for the term (or string). So a search for: law will return messages which include the terms, ‘lawful’; ‘lawyer’, etc.
If you search in the find tool at the top right of the Inbox, Outlook will, with the default setting to search the current mailbox, search through the text of all attachments to email messages. However, the default setting in Outlook will limit the results to 250 messages. You can remove this limit, in Outlook 2019, by going to File . . . Options . .. Search, and unchecking the ‘Improve search speed by limiting the number of results shown’ box.
This only increases the search result limit to about 1000. [The limit appears to be 1050 – based on my tests when a search is run for very common terms in a full Inbox such as “conflict check” or “district court”, only 1050 messages appear in the results. I can’t find confirmation of this on Microsoft site. ] It’s possible that a change to registry key would remove the limit altogether. See: https://answers.microsoft.com/en-us/outlook_com/forum/all/critical-outlook-search-issue/36980334-1a74-4db8-b989-39ea12b693c8
In order get complete search results, you need to switch the setting from ‘Current Mailbox’ to ‘All Outlook Items’
[To be clear, if the ‘Improve search speed by limiting the number of results shown’ box is checked, it won’t matter if you have ‘All Outlook Items’ selected, the result limit will still be 250.]
After the search is run, you will still need to click the option to pull up more results at the bottom of the screen.
When searching in Outlook, there’s also the option of using the Advanced Find tool. Click in the search box at the top right of the screen and a new ‘Search’ tab will appear. Select ‘Advanced Find’ from the Search tools menu.
Advanced Find does not have the same search results limitation. However even if the search is set to be run in “subject field and message body”, or “frequently used text fields”, the search will not include the text of attachments to email messages. So far as I know, Advanced Find does not give you a way to search the text of attachments.
It would be possible to run a search in Advanced Find for references to a term or terms that occur in the email body or subject field, and then run a search using the standard find tool which was only focused on the text of attachments. On the Search tab, from the + More menu, select ‘Attachment Contains’
If the search term you’re looking for appears in the text of an attachment to no more than 1,000 messages, you should get everything you’re targeting by combining the results from Advanced Find and the standard search tool.
Also note that when a running a search in the standard Find tool, it may take some time to complete even after you have clicked the option to show More results. Look for this notification at the bottom of the screen:
11/28/22 – IE mode in Edge
Note that while Microsoft no longer supports Internet Explorer, there is an Internet Explorer mode available in the Edge browser.
Various legacy applications are still programmed only to function in IE, but the latest Windows systems may not allow IE to run.
Under the options for the default browser in Settings, Edge will let you toggle to a mode that will use the old browser