Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring

Besides log files and binary data on Windows systems, there is quite a bit of other data that can be parsed in a number of useful ways. For example, the Visa Payment Card Industry (PCI) Data Security Standard (DSS) [13] has put forth requirements not only for notification of individuals in case their data has been compromised, but also for notification of the PCI board if there has been a breach. The goals of a PCI forensic audit are to determine whether there was, in fact, a breach, and whether credit card data was on the affected systems and possibly compromised. What generally happens is that some systems are forensically acquired, and the images are analyzed for signs of an intrusion as well as searched for credit card numbers. Forensic analysis tools such as EnCase give the user the capability to define a search for credit card numbers [14] (or magnetic stripe or track data) using a regular expression, or let the analyst use already-written scripts to perform the searches. With EnCase Forensic Edition version 5, for example, a Credit Card Finder module is included with the Sweep Case EnScript (EnScripts are the user-definable scripting components of EnCase). Whether the analyst searches just for credit card numbers, or performs a more extensive search for track 1 or track 2 data (again, information which is maintained on the magnetic stripe of the credit card...
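The regular-expression search described above, as an added Perl example that is not the book's code and not an EnCase EnScript: it scans a buffer for 13- to 16-digit candidates (with optional space or dash separators) and applies the Luhn mod-10 check to discard sequences that cannot be card numbers. The subroutine names luhn_ok and find_cards and the sample buffer are this example's own assumptions; on a real image you would feed it successive chunks of the file rather than a single string.

```perl
#!/usr/bin/perl
# Added example: regex search for card-number candidates plus Luhn filtering.
use strict;
use warnings;

# Luhn (mod 10) check on a string of digits; returns 1 on pass, 0 on fail.
sub luhn_ok {
    my ($num) = @_;
    my ($sum, $double) = (0, 0);
    for my $d (reverse split //, $num) {
        if ($double) {
            $d *= 2;
            $d -= 9 if $d > 9;
        }
        $sum += $d;
        $double = !$double;
    }
    return ($sum % 10) == 0 ? 1 : 0;
}

# Find runs of 13-16 digits, optionally separated by single spaces or dashes,
# that are not embedded in a longer digit run. Returns a list of hashes with
# the normalised PAN, its byte offset in the buffer, and the Luhn result.
sub find_cards {
    my ($data) = @_;
    my (%seen, @hits);
    while ($data =~ /(?<!\d)(\d(?:[ -]?\d){12,15})(?!\d)/g) {
        (my $pan = $1) =~ s/[ -]//g;      # strip separators
        next if $seen{$pan}++;            # report each PAN once
        push @hits, { pan => $pan, offset => $-[1], luhn => luhn_ok($pan) };
    }
    return @hits;
}

# Constructed sample buffer (not real data): a well-known test PAN, the same
# PAN with its last digit altered, and a 16-digit sequence that is not a card.
my $sample = "order=42 card=4111-1111-1111-1111 alt=4111111111111112 id=1234567890123456\n";

for my $h (find_cards($sample)) {
    printf "%-16s offset=%3d luhn=%s\n",
        $h->{pan}, $h->{offset}, $h->{luhn} ? 'pass' : 'FAIL';
}
```

Only the first candidate passes the Luhn check; the other two are the kind of false positive a bare digit regex would otherwise report.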