grep Cheat Sheet

Escaped Values

Autopsy uses the grep utility to search an image. grep requires that some values be "escaped" if they are searched for. Autopsy will automatically escape those values if the serach is being done for a non-regular expression. The escaped values include:

Regular Expressions

Refer to the man page for 'grep' for more details of creating regular expressions. Autopsy uses the '-E' flag with 'grep' to specify extended regular expressions. The following have special meaning with grep:

To specify how many times something can occur, the following are used:

To specify more than one string to match, use the | operator.

Examples

To search for 'Jane Smith' or 'Jack Smith': (Jane)|(Jack) Smith

To ensure it matches if a tab is between the first and last name: (Jane)|(Jack)[:space:]Smith

To search for 'Jane Smith' or 'Jane Anne Smith': Jane( Anne)? Smith

or: Jane([:space:]Anne)?[:space:]Smith


Brian Carrier