Search Hit Lists

WinHex & X-Ways

Search Hit List

 

Available only with a forensic license, when working with a case, for evidence objects with a volume snapshot. (Otherwise the Position Manager will list search hits.)

 

The directory browser can show search hits. To switch to this display mode (search hit list instead of ordinary directory browser), click the button with the binoculars and the four horizontal lines. It is only available for evidence objects. In that mode of operation there are four additional columns: physical/absolute offsets of the search hits, logical/relative offsets, descriptions that include the code pages in which search hits were found and hints if found in file slack, and the search hits themselves (usually with a context preview; sortable by search term; the context preview is not accurate for Arabic and Hebrew text or hits in UTF-8). The directory browser's grouping options have no effect when search hits are sorted by one of these three columns. The search hit description column comes with a filter that lets you focus on notable hits, hits to include in the case report, user search hits, hits in a certain code page, hits in the text extraction of documents, and hits in slack space or uninitialized tail areas of files. Search hits in any variant of UTF-16 that are not aligned at even offsets are marked in the Descr. column as "unaligned", as a small hint that explains why you can read the text only in the alignment-aware context preview of the Search hits column, and not in the text column.
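The following Python example is added here for illustration and is not X-Ways code or a description of how X-Ways is implemented. It builds the four columns described above for a constructed buffer and shows why an "unaligned" UTF-16 hit is readable only in an alignment-aware preview. The names `search`, `Hit` and `text_column` and the sample bytes are hypothetical, and the file is assumed to be unfragmented so that the physical offset is the file start plus the logical offset.

```python
# Added illustration; not X-Ways code. All names and sample bytes are constructed.
from dataclasses import dataclass

CODE_PAGES = {"Latin 1": "latin-1", "UTF-8": "utf-8", "UTF-16 LE": "utf-16-le"}

@dataclass
class Hit:
    physical: int  # absolute offset on the evidence object
    logical: int   # offset relative to the start of the file
    descr: str     # code page plus "unaligned" / "slack" hints
    preview: str   # context decoded at the hit's own alignment

def search(data, term, file_start, logical_size, context=8):
    """Search file content plus slack for `term` in every code page."""
    hits = []
    for label, codec in CODE_PAGES.items():
        needle = term.encode(codec)
        width = 2 if codec.startswith("utf-16") else 1
        pos = data.find(needle)
        while pos != -1:
            notes = [label]
            if width == 2 and pos % 2:
                notes.append("unaligned")
            if pos >= logical_size:
                notes.append("slack")
            # Keep the preview window on the same byte parity as the hit.
            start = max(pos % width, pos - context * width)
            end = min(len(data), pos + len(needle) + context * width)
            end -= (end - start) % width
            preview = data[start:end].decode(codec, errors="replace")
            # Assumption: unfragmented file, so physical = file start + logical.
            hits.append(Hit(file_start + pos, pos, ", ".join(notes), preview))
            pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h.physical)

def text_column(data):
    """Naive view that decodes UTF-16 from offset 0, i.e. at even offsets only."""
    return data[: len(data) & ~1].decode("utf-16-le", errors="replace")

TERM = "M\u00fcller"
CONTENT = b"\x01" + "Dear M\u00fcller".encode("utf-16-le") + b" ref M\xfcller. "
SLACK = b"\x00\x00" + TERM.encode("utf-8")  # remnant past the logical end of file
HITS = search(CONTENT + SLACK, TERM, file_start=0x4000, logical_size=len(CONTENT))

if __name__ == "__main__":
    for h in HITS:
        print(f"{h.physical:#x} {h.logical:>3} {h.descr:<22} {h.preview!r}")
    print("term visible in aligned text view:", TERM in text_column(CONTENT + SLACK))
```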

 

Almost all commands in the directory browser context menu are available for search hit lists as well, notably the ability to copy, view, tag and comment files. The dynamic filter based on the usual directory browser columns can be used in conjunction with search hit lists, e.g. to view only hits in .doc and .xls files with certain last modification dates.

 

The search hit list is based on the position and level in the directory tree where you click, so that you can, for example, see all search hits in files in \Documents and Settings and its subdirectories, or even search hits from all evidence objects of the entire case at the same time, using the case root window. You can also conveniently select one or several search terms for search hit viewing in the search term list in the Case Data window. This makes it easy to find out how many search hits there are for any given search term at any level in the case tree, as that number is displayed in the directory browser's caption based on the current search hit list.

 

Search hit lists are "dynamic" in that they are composed "on the fly" depending on selected search terms, explored path, current filter settings and based on the settings of the search term list (logical AND combinations and the "1 hit per item" option).

 

Search hits can be marked as notable (such that a yellow light bulb is displayed on the left) with the directory browser context menu or by pressing the Space key. With the Space key you may also remove that mark. You may unmark multiple selected search hits as notable by holding the Shift key when invoking the "Mark as notable" context menu command. You can filter for notable search hits via the “Search hits” column filter.

 

If you no longer need certain search hits, you can select and delete them, for example because there might be duplicates or because you would like to run a search for the same search terms in the same files again with slightly different settings. If you no longer need any search hits of certain search terms, you can select these search terms in the search term list and delete them along with all their search hits.