Loading ...
Sorry, an error occurred while loading the content.

Re: announcing AFFLIBv3.7 --- AFFLIB moves to github

Expand Messages
  • peppespe
    ... Does it run under Mac Os X 10.7? I ve tried these command: $sudo sh bootstrap.sh Bootstrap script to create configure script using autoconf aclocal:
    Message 1 of 11 , Apr 1, 2012
    • 0 Attachment
      > If you are working in the repository, you will need to make your own
      > configure script. Do that with these commands:
      >
      > $ sh bootstrap.sh
      > $ ./configure
      > $ make
      >

      Does it run under Mac Os X 10.7?

      I've tried these command:

      $sudo sh bootstrap.sh
      Bootstrap script to create configure script using autoconf

      aclocal: configure.ac:30: file `m4/acx_pthread.m4' does not exist
      glibtoolize: putting auxiliary files in `.'.
      glibtoolize: linking file `./ltmain.sh'
      glibtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.
      glibtoolize: linking file `m4/libtool.m4'
      glibtoolize: linking file `m4/ltoptions.m4'
      glibtoolize: linking file `m4/ltsugar.m4'
      glibtoolize: linking file `m4/ltversion.m4'
      glibtoolize: linking file `m4/lt~obsolete.m4'
      /usr/bin/gm4:configure.ac:30: cannot open `m4/acx_pthread.m4': No such file or directory
      autom4te: /usr/bin/gm4 failed with exit status: 1
      autoheader: '/usr/bin/autom4te' failed with exit status: 1
      /usr/bin/gm4:configure.ac:30: cannot open `m4/acx_pthread.m4': No such file or directory
      autom4te: /usr/bin/gm4 failed with exit status: 1
      /usr/bin/gm4:configure.ac:30: cannot open `m4/acx_pthread.m4': No such file or directory
      autom4te: /usr/bin/gm4 failed with exit status: 1
      automake: /usr/bin/autoconf failed with exit status: 1
      Ready to run configure!

      $ sudo ./configure
      sudo: ./configure: command not found

      $ ls
      AUTHORS afflib.pubkey.asc ltmain.sh
      BUGLIST.txt afflib.spec.in lzma443
      COPYING autom4te.cache m4
      ChangeLog bootstrap.sh make_mingw.sh
      INSTALL checkversion.py man
      Makefile.am compile pyaff
      NEWS config.h.in stamp-h
      README configure.ac stats
      README_Linux.txt depcomp tests
      README_Win32.txt doc tools
      afflib.pc.in lib win32
    • Greg Freemyer
      Simson, Does this mean no more tarball releases anywhere? I think even most packages that host their source on github, still put up tarballs of the actual
      Message 2 of 11 , Apr 2, 2012
      • 0 Attachment
        Simson,

        Does this mean no more tarball releases anywhere?

        I think even most packages that host their source on github, still put up
        tarballs of the actual releases.

        Greg

        On Sat, Mar 31, 2012 at 8:35 PM, Simson Garfinkel <simsong@...> wrote:

        > **
        >
        >
        > ANNOUNCING AFFLIB 3.7
        >
        > I'm happy to announce the release of AFFLIB 3.7. Significant
        > highlights of the release include the following:
        >
        > - Copyright Clarification. AFFLIB was originally a collaboration
        > between Simson L. Garfinkel and Basis Technology and under the terms
        > of that collaboration the copyright was jointly held. The original
        > library was licensed under the 4-part Berkeley license.
        >
        > Work done on AFFLIB by Simson Garfinkel after December 26, 2006 was
        > done within the context of my employment with the US Government and,
        > as such, is not subject to copyright.
        >
        > All of the files in the current release have been examined to
        > determine whether they are licensed under the four-part license or
        > if they are in the public domain.
        >
        > - Move to github.org. As I am now largely working on other projects,
        > I am moving AFFLIB from afflib.org to github.org. This will make it
        > easier for others to perform maintenance on this release as
        > necessary for the eventual transition to AFFv4.
        >
        > There are no other significant changes in this release from release
        > 3.6.15.
        >
        > RELEASE ENGINEERING
        >
        > Although it is possible to do releases on github using the git tag[1]
        > interface, I will still be making digitally signed releases and
        > putting them in the github downloads[2] section.
        >
        > [1] http://gitref.org/branching/#tag
        > [2] https://github.com/blog/742-new-uploader-downloads-screen
        >
        > USING GIT
        >
        > The move to git makes it easier for potential AFFLIB developers and
        > users to directly access the AFFLIB development tree. For those of you
        > who are new to git, here are some simple commands that you can use:
        >
        > You can check out a copy of the source code with:
        >
        > $ git clone git://github.com/simsong/AFFLIBv3.git
        >
        > You can then keep your copy of AFFLIB up-to-date with:
        >
        > $ get pull
        >
        > If you are working in the repository, you will need to make your own
        > configure script. Do that with these commands:
        >
        > $ sh bootstrap.sh
        > $ ./configure
        > $ make
        >
        > Other kit commands that may be useful:
        >
        > $ git add [-f] filename (adds a file)
        > $ git commit (commits to local repo)
        > $ git push (push back to clone)
        >
        > [Non-text portions of this message have been removed]
        >
        >
        >



        --
        Greg Freemyer
        Head of EDD Tape Extraction and Processing team
        Litigation Triage Solutions Specialist
        http://www.linkedin.com/in/gregfreemyer
        CNN/TruTV Aired Forensic Imaging Demo -

        http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

        The Norcross Group
        The Intersection of Evidence & Technology
        http://www.norcrossgroup.com


        [Non-text portions of this message have been removed]
      • Greg Freemyer
        Never mind, I found the tarball on github. I just wasn t looking in the right place. https://github.com/downloads/simsong/AFFLIBv3/afflib-3.7.0.tar.gz ... --
        Message 3 of 11 , Apr 2, 2012
        • 0 Attachment
          Never mind, I found the tarball on github. I just wasn't looking in the
          right place.

          https://github.com/downloads/simsong/AFFLIBv3/afflib-3.7.0.tar.gz

          On Mon, Apr 2, 2012 at 4:17 PM, Greg Freemyer <greg.freemyer@...>wrote:

          > Simson,
          >
          > Does this mean no more tarball releases anywhere?
          >
          > I think even most packages that host their source on github, still put up
          > tarballs of the actual releases.
          >
          > Greg
          >
          >
          > On Sat, Mar 31, 2012 at 8:35 PM, Simson Garfinkel <simsong@...> wrote:
          >
          >> **
          >>
          >>
          >> ANNOUNCING AFFLIB 3.7
          >>
          >> I'm happy to announce the release of AFFLIB 3.7. Significant
          >> highlights of the release include the following:
          >>
          >> - Copyright Clarification. AFFLIB was originally a collaboration
          >> between Simson L. Garfinkel and Basis Technology and under the terms
          >> of that collaboration the copyright was jointly held. The original
          >> library was licensed under the 4-part Berkeley license.
          >>
          >> Work done on AFFLIB by Simson Garfinkel after December 26, 2006 was
          >> done within the context of my employment with the US Government and,
          >> as such, is not subject to copyright.
          >>
          >> All of the files in the current release have been examined to
          >> determine whether they are licensed under the four-part license or
          >> if they are in the public domain.
          >>
          >> - Move to github.org. As I am now largely working on other projects,
          >> I am moving AFFLIB from afflib.org to github.org. This will make it
          >> easier for others to perform maintenance on this release as
          >> necessary for the eventual transition to AFFv4.
          >>
          >> There are no other significant changes in this release from release
          >> 3.6.15.
          >>
          >> RELEASE ENGINEERING
          >>
          >> Although it is possible to do releases on github using the git tag[1]
          >> interface, I will still be making digitally signed releases and
          >> putting them in the github downloads[2] section.
          >>
          >> [1] http://gitref.org/branching/#tag
          >> [2] https://github.com/blog/742-new-uploader-downloads-screen
          >>
          >> USING GIT
          >>
          >> The move to git makes it easier for potential AFFLIB developers and
          >> users to directly access the AFFLIB development tree. For those of you
          >> who are new to git, here are some simple commands that you can use:
          >>
          >> You can check out a copy of the source code with:
          >>
          >> $ git clone git://github.com/simsong/AFFLIBv3.git
          >>
          >> You can then keep your copy of AFFLIB up-to-date with:
          >>
          >> $ get pull
          >>
          >> If you are working in the repository, you will need to make your own
          >> configure script. Do that with these commands:
          >>
          >> $ sh bootstrap.sh
          >> $ ./configure
          >> $ make
          >>
          >> Other kit commands that may be useful:
          >>
          >> $ git add [-f] filename (adds a file)
          >> $ git commit (commits to local repo)
          >> $ git push (push back to clone)
          >>
          >> [Non-text portions of this message have been removed]
          >>
          >>
          >>
          >
          >
          >
          > --
          > Greg Freemyer
          > Head of EDD Tape Extraction and Processing team
          > Litigation Triage Solutions Specialist
          > http://www.linkedin.com/in/gregfreemyer
          > CNN/TruTV Aired Forensic Imaging Demo -
          >
          > http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
          >
          > The Norcross Group
          > The Intersection of Evidence & Technology
          > http://www.norcrossgroup.com
          >



          --
          Greg Freemyer
          Head of EDD Tape Extraction and Processing team
          Litigation Triage Solutions Specialist
          http://www.linkedin.com/in/gregfreemyer
          CNN/TruTV Aired Forensic Imaging Demo -

          http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

          The Norcross Group
          The Intersection of Evidence & Technology
          http://www.norcrossgroup.com


          [Non-text portions of this message have been removed]
        • Greg Freemyer
          Simson, I tried to git push a minor change that cleans up a compiler warning. No surprisingly, it s failing. Do I need to be added to the team somehow, or
          Message 4 of 11 , Apr 3, 2012
          • 0 Attachment
            Simson,

            I tried to "git push" a minor change that cleans up a compiler warning.

            No surprisingly, it's failing. Do I need to be added to the team somehow,
            or is there a different command that allows you to review the commit before
            it gets accepted?

            If I'm really supposed to use git push, my github account is "gregfreemyer"
            or greg.freemyer@...

            === details below IF needed

            ==
            git push git@...:simsong/AFFLIBv3.git
            Permission denied (publickey).
            fatal: The remote end hung up unexpectedly

            (note I can push to my own github account via publickey auth, so the keys
            are setup I'm pretty sure.)
            ==

            fyi: here's the trivial patch I wanted to push. It fixes a compiler
            warning.
            ===
            diff --git a/lib/qemu/block-vvfat.c b/lib/qemu/block-vvfat.c
            index d33b5a1..f8a52ae 100644
            --- a/lib/qemu/block-vvfat.c
            +++ b/lib/qemu/block-vvfat.c
            @@ -870,7 +870,8 @@ static int init_directories(BDRVVVFATState* s,
            {
            direntry_t* entry=array_get_next(&(s->directory));
            entry->attributes=0x28; /* archive | volume label */
            - snprintf((char*)entry->name,11,"QEMU VVFAT");
            + memcpy(entry->name, "QEMU VVF", 8);
            + memcpy(entry->extension, "AT", 3);
            }

            /* Now build FAT, and write back information into directory */
            ===

            Thanks
            Greg


            On Sat, Mar 31, 2012 at 8:35 PM, Simson Garfinkel <simsong@...> wrote:

            > **
            >
            >
            > ANNOUNCING AFFLIB 3.7
            >
            > I'm happy to announce the release of AFFLIB 3.7. Significant
            > highlights of the release include the following:
            >
            > - Copyright Clarification. AFFLIB was originally a collaboration
            > between Simson L. Garfinkel and Basis Technology and under the terms
            > of that collaboration the copyright was jointly held. The original
            > library was licensed under the 4-part Berkeley license.
            >
            > Work done on AFFLIB by Simson Garfinkel after December 26, 2006 was
            > done within the context of my employment with the US Government and,
            > as such, is not subject to copyright.
            >
            > All of the files in the current release have been examined to
            > determine whether they are licensed under the four-part license or
            > if they are in the public domain.
            >
            > - Move to github.org. As I am now largely working on other projects,
            > I am moving AFFLIB from afflib.org to github.org. This will make it
            > easier for others to perform maintenance on this release as
            > necessary for the eventual transition to AFFv4.
            >
            > There are no other significant changes in this release from release
            > 3.6.15.
            >
            > RELEASE ENGINEERING
            >
            > Although it is possible to do releases on github using the git tag[1]
            > interface, I will still be making digitally signed releases and
            > putting them in the github downloads[2] section.
            >
            > [1] http://gitref.org/branching/#tag
            > [2] https://github.com/blog/742-new-uploader-downloads-screen
            >
            > USING GIT
            >
            > The move to git makes it easier for potential AFFLIB developers and
            > users to directly access the AFFLIB development tree. For those of you
            > who are new to git, here are some simple commands that you can use:
            >
            > You can check out a copy of the source code with:
            >
            > $ git clone git://github.com/simsong/AFFLIBv3.git
            >
            > You can then keep your copy of AFFLIB up-to-date with:
            >
            > $ get pull
            >
            > If you are working in the repository, you will need to make your own
            > configure script. Do that with these commands:
            >
            > $ sh bootstrap.sh
            > $ ./configure
            > $ make
            >
            > Other kit commands that may be useful:
            >
            > $ git add [-f] filename (adds a file)
            > $ git commit (commits to local repo)
            > $ git push (push back to clone)
            >
            > [Non-text portions of this message have been removed]
            >
            >
            >



            --
            Greg Freemyer
            Head of EDD Tape Extraction and Processing team
            Litigation Triage Solutions Specialist
            http://www.linkedin.com/in/gregfreemyer
            CNN/TruTV Aired Forensic Imaging Demo -

            http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

            The Norcross Group
            The Intersection of Evidence & Technology
            http://www.norcrossgroup.com


            [Non-text portions of this message have been removed]
          • The Dog's Bollix
            Hello, I m testing BE as follows: I have a testfile that contains words, one per line. Two of the words are seven and ten (without quotes and on separate
            Message 5 of 11 , Apr 15, 2012
            • 0 Attachment
              Hello,

              I'm testing BE as follows:

              I have a testfile that contains words, one per line. Two of the words are "seven" and "ten" (without quotes and on separate lines). The file also contains the words "one" and "One".

              My rfile contains the following:

              [o|O]ne
              .*en

              My command is:

              bulk_extractor -F rfile.txt  -o 4  testdoc1

              My output in find is:

              # Feature File Version: 1.1
              8    one    testing\012one\012two \012three\012four
              76    One    \01212\01213\01214\01215\01216\012One\012\012

              Now, my first instinct is my regex (.*en) is wrong in the rfile.txt, but I checked it on rubular.com and it works perfectly there. I'm not a regex expert by any stretch of imagination...

              Where am I going wrong with this?

              TIA for your time,

              Tony.







              [Non-text portions of this message have been removed]
            • Simson Garfinkel
              Which version of BE are you using? ... [Non-text portions of this message have been removed]
              Message 6 of 11 , Apr 15, 2012
              • 0 Attachment
                Which version of BE are you using?

                On Apr 15, 2012, at 12:34 PM, The Dog's Bollix wrote:

                > Hello,
                >
                > I'm testing BE as follows:
                >
                > I have a testfile that contains words, one per line. Two of the words are "seven" and "ten" (without quotes and on separate lines). The file also contains the words "one" and "One".
                >
                > My rfile contains the following:
                >
                > [o|O]ne
                > .*en
                >
                > My command is:
                >
                > bulk_extractor -F rfile.txt -o 4 testdoc1
                >
                > My output in find is:
                >
                > # Feature File Version: 1.1
                > 8 one testing\012one\012two \012three\012four
                > 76 One \01212\01213\01214\01215\01216\012One\012\012
                >
                > Now, my first instinct is my regex (.*en) is wrong in the rfile.txt, but I checked it on rubular.com and it works perfectly there. I'm not a regex expert by any stretch of imagination...
                >
                > Where am I going wrong with this?
                >
                > TIA for your time,
                >
                > Tony.
                >
                > [Non-text portions of this message have been removed]
                >
                >



                [Non-text portions of this message have been removed]
              • The Dog's Bollix
                bulk_extractor-1.3-devel_001 ... From: Simson Garfinkel Subject: Re: [linux_forensics] bulk_extractor -F option and regex To:
                Message 7 of 11 , Apr 15, 2012
                • 0 Attachment
                  bulk_extractor-1.3-devel_001

                  --- On Sun, 4/15/12, Simson Garfinkel <simsong@...> wrote:

                  From: Simson Garfinkel <simsong@...>
                  Subject: Re: [linux_forensics] bulk_extractor -F option and regex
                  To: linux_forensics@yahoogroups.com
                  Date: Sunday, April 15, 2012, 1:32 PM

                  Which version of BE are you using?

                  On Apr 15, 2012, at 12:34 PM, The Dog's Bollix wrote:

                  > Hello,
                  >
                  > I'm testing BE as follows:
                  >
                  > I have a testfile that contains words, one per line. Two of the words are "seven" and "ten" (without quotes and on separate lines). The file also contains the words "one" and "One".
                  >
                  > My rfile contains the following:
                  >
                  > [o|O]ne
                  > .*en
                  >
                  > My command is:
                  >
                  > bulk_extractor -F rfile.txt  -o 4  testdoc1
                  >
                  > My output in find is:
                  >
                  > # Feature File Version: 1.1
                  > 8    one    testing\012one\012two \012three\012four
                  > 76    One    \01212\01213\01214\01215\01216\012One\012\012
                  >
                  > Now, my first instinct is my regex (.*en) is wrong in the rfile.txt, but I checked it on rubular.com and it works perfectly there. I'm not a regex expert by any stretch of imagination...
                  >
                  > Where am I going wrong with this?
                  >
                  > TIA for your time,
                  >
                  > Tony.
                  >
                  > [Non-text portions of this message have been removed]
                  >
                  >



                  [Non-text portions of this message have been removed]



                  ------------------------------------

                  Yahoo! Groups Links





                  [Non-text portions of this message have been removed]
                • Simson Garfinkel
                  Please direct comments on the development version of bulk_Extractor to the author and not to a public mailing list. Thank you. ... [Non-text portions of this
                  Message 8 of 11 , Apr 15, 2012
                  • 0 Attachment
                    Please direct comments on the development version of bulk_Extractor to the author and not to a public mailing list. Thank you.


                    On Apr 15, 2012, at 1:42 PM, The Dog's Bollix wrote:

                    >
                    > bulk_extractor-1.3-devel_001
                    >
                    > --- On Sun, 4/15/12, Simson Garfinkel <simsong@...> wrote:
                    >
                    > From: Simson Garfinkel <simsong@...>
                    > Subject: Re: [linux_forensics] bulk_extractor -F option and regex
                    > To: linux_forensics@yahoogroups.com
                    > Date: Sunday, April 15, 2012, 1:32 PM
                    >
                    > Which version of BE are you using?
                    >
                    > On Apr 15, 2012, at 12:34 PM, The Dog's Bollix wrote:
                    >
                    > > Hello,
                    > >
                    > > I'm testing BE as follows:
                    > >
                    > > I have a testfile that contains words, one per line. Two of the words are "seven" and "ten" (without quotes and on separate lines). The file also contains the words "one" and "One".
                    > >
                    > > My rfile contains the following:
                    > >
                    > > [o|O]ne
                    > > .*en
                    > >
                    > > My command is:
                    > >
                    > > bulk_extractor -F rfile.txt -o 4 testdoc1
                    > >
                    > > My output in find is:
                    > >
                    > > # Feature File Version: 1.1
                    > > 8 one testing\012one\012two \012three\012four
                    > > 76 One \01212\01213\01214\01215\01216\012One\012\012
                    > >
                    > > Now, my first instinct is my regex (.*en) is wrong in the rfile.txt, but I checked it on rubular.com and it works perfectly there. I'm not a regex expert by any stretch of imagination...
                    > >
                    > > Where am I going wrong with this?
                    > >
                    > > TIA for your time,
                    > >
                    > > Tony.
                    > >
                    > > [Non-text portions of this message have been removed]
                    > >
                    > >
                    >
                    > [Non-text portions of this message have been removed]
                    >
                    > ------------------------------------
                    >
                    > Yahoo! Groups Links
                    >
                    > [Non-text portions of this message have been removed]
                    >
                    >



                    [Non-text portions of this message have been removed]
                  • The Dog's Bollix
                    Can you please provide a link to version 1.2? I searched github and only BE viewer is up there. The links on the main pages for bulk_extractor
                    Message 9 of 11 , Apr 15, 2012
                    • 0 Attachment
                      Can you please provide a link to version 1.2?

                      I searched github and only BE viewer is up there. The links on the main pages for bulk_extractor (https://github.com/simsong/bulk_extractor) don't appear to contain source for bulk_extractor.

                      --- On Sun, 4/15/12, Simson Garfinkel <simsong@...> wrote:

                      From: Simson Garfinkel <simsong@...>
                      Subject: Re: [linux_forensics] bulk_extractor -F option and regex
                      To: linux_forensics@yahoogroups.com
                      Date: Sunday, April 15, 2012, 1:53 PM

                      Please direct comments on the development version of bulk_Extractor to the author and not to a public mailing list. Thank you.


                      On Apr 15, 2012, at 1:42 PM, The Dog's Bollix wrote:

                      >
                      > bulk_extractor-1.3-devel_001
                      >
                      > --- On Sun, 4/15/12, Simson Garfinkel <simsong@...> wrote:
                      >
                      > From: Simson Garfinkel <simsong@...>
                      > Subject: Re: [linux_forensics] bulk_extractor -F option and regex
                      > To: linux_forensics@yahoogroups.com
                      > Date: Sunday, April 15, 2012, 1:32 PM
                      >
                      > Which version of BE are you using?
                      >
                      > On Apr 15, 2012, at 12:34 PM, The Dog's Bollix wrote:
                      >
                      > > Hello,
                      > >
                      > > I'm testing BE as follows:
                      > >
                      > > I have a testfile that contains words, one per line. Two of the words are "seven" and "ten" (without quotes and on separate lines). The file also contains the words "one" and "One".
                      > >
                      > > My rfile contains the following:
                      > >
                      > > [o|O]ne
                      > > .*en
                      > >
                      > > My command is:
                      > >
                      > > bulk_extractor -F rfile.txt  -o 4  testdoc1
                      > >
                      > > My output in find is:
                      > >
                      > > # Feature File Version: 1.1
                      > > 8    one    testing\012one\012two \012three\012four
                      > > 76    One    \01212\01213\01214\01215\01216\012One\012\012
                      > >
                      > > Now, my first instinct is my regex (.*en) is wrong in the rfile.txt, but I checked it on rubular.com and it works perfectly there. I'm not a regex expert by any stretch of imagination...
                      > >
                      > > Where am I going wrong with this?
                      > >
                      > > TIA for your time,
                      > >
                      > > Tony.
                      > >
                      > > [Non-text portions of this message have been removed]
                      > >
                      > >
                      >
                      > [Non-text portions of this message have been removed]
                      >
                      > ------------------------------------
                      >
                      > Yahoo! Groups Links
                      >
                      > [Non-text portions of this message have been removed]
                      >
                      >



                      [Non-text portions of this message have been removed]



                      ------------------------------------

                      Yahoo! Groups Links





                      [Non-text portions of this message have been removed]
                    • The Dog's Bollix
                      The problem also exists in version 1.2. Is this something I m doing wrong? ... From: Simson Garfinkel Subject: Re: [linux_forensics]
                      Message 10 of 11 , Apr 15, 2012
                      • 0 Attachment
                        The problem also exists in version 1.2. Is this something I'm doing wrong?

                        --- On Sun, 4/15/12, Simson Garfinkel <simsong@...> wrote:

                        From: Simson Garfinkel <simsong@...>
                        Subject: Re: [linux_forensics] bulk_extractor -F option and regex
                        To: linux_forensics@yahoogroups.com
                        Date: Sunday, April 15, 2012, 1:53 PM

                        Please direct comments on the development version of bulk_Extractor to the author and not to a public mailing list. Thank you.


                        On Apr 15, 2012, at 1:42 PM, The Dog's Bollix wrote:

                        >
                        > bulk_extractor-1.3-devel_001
                        >
                        > --- On Sun, 4/15/12, Simson Garfinkel <simsong@...> wrote:
                        >
                        > From: Simson Garfinkel <simsong@...>
                        > Subject: Re: [linux_forensics] bulk_extractor -F option and regex
                        > To: linux_forensics@yahoogroups.com
                        > Date: Sunday, April 15, 2012, 1:32 PM
                        >
                        > Which version of BE are you using?
                        >
                        > On Apr 15, 2012, at 12:34 PM, The Dog's Bollix wrote:
                        >
                        > > Hello,
                        > >
                        > > I'm testing BE as follows:
                        > >
                        > > I have a testfile that contains words, one per line. Two of the words are "seven" and "ten" (without quotes and on separate lines). The file also contains the words "one" and "One".
                        > >
                        > > My rfile contains the following:
                        > >
                        > > [o|O]ne
                        > > .*en
                        > >
                        > > My command is:
                        > >
                        > > bulk_extractor -F rfile.txt  -o 4  testdoc1
                        > >
                        > > My output in find is:
                        > >
                        > > # Feature File Version: 1.1
                        > > 8    one    testing\012one\012two \012three\012four
                        > > 76    One    \01212\01213\01214\01215\01216\012One\012\012
                        > >
                        > > Now, my first instinct is my regex (.*en) is wrong in the rfile.txt, but I checked it on rubular.com and it works perfectly there. I'm not a regex expert by any stretch of imagination...
                        > >
                        > > Where am I going wrong with this?
                        > >
                        > > TIA for your time,
                        > >
                        > > Tony.
                        > >
                        > > [Non-text portions of this message have been removed]
                        > >
                        > >
                        >
                        > [Non-text portions of this message have been removed]
                        >
                        > ------------------------------------
                        >
                        > Yahoo! Groups Links
                        >
                        > [Non-text portions of this message have been removed]
                        >
                        >



                        [Non-text portions of this message have been removed]



                        ------------------------------------

                        Yahoo! Groups Links





                        [Non-text portions of this message have been removed]
                      Your message has been successfully submitted and would be delivered to recipients shortly.