Search Options Available in ESI Analyst
Overview on Searching
For a general overview on navigation, search fields, case sensitivity, wildcards, fuzziness, and boolean operators:
Has the Word or Phrase
Highlight hits that match the searched word or phrase verbatim.
Has the Word or Phrase does not search for special characters or wildcards.
Has Any of the Words (OR), Has All of the Words (AND)
ESI Analyst's supports the following single query strings:
Any of the words/phrases (OR) - searches for all of the individual words in a search term.
All of the words/phrases (AND) - searches for any of the words entered.
Boolean operators in the single query strings must be capitalized and written in word format (OR, AND).
Quote marks, wildcards, and special characters can be used in both single query strings.
Supported characters:
= & ~
! * ?
: ^ "
{ } ( ) | |
\ / > < [ ]
+ and - are not supported by the two search types.
To learn more about quote marks, wildcards, and special characters, please visit this article:
Starts With/Ends With the Word
Highlights messages in which the searched term appears at the beginning or end of a field or filepath.
Does not search for special characters.
Regular Expression Search
ESI Analyst's engine is Apache Lucene. We support common standards but we do not support line endings (^ and $).
The following characters are reserved as operators: . ? + * | { } [ ] ( ) " \ # @ & < > ~
To use one of these characters literally, escape it with a preceding backlash or surround it with double quotes.
Eg:
\@ renders as a literal '@'
\\ renders as a literal '\'
Patterns include special characters in sequence to derive results from the content.
For more information on Regular Expression syntax, visit this article:
Full Query String
The Full Query String is ESI Analyst's most powerful and inclusive search type.
Unlike the single query strings, full query string also allows you to use plus and minus signs as Boolean operators (+, -).
Supports quote marks, single and multiple character wildcards, boolean operators, and fuzziness.
Full Query String special characters include:
+ - =
& ~ ! *
? : ^ "
{ } ( ) | |
\ / > < [ ]
Related Articles
Search Functions in ESI Analyst
Navigation To view ESI Analyst's various search types, select a project from your project dashboard and click on "Review Project Metadata." While in Review Project Metadata, click on the word Search in the Filters box. Search Fields All searches ...ESI Analyst Frequently Asked Questions
How should I format my Control Numbers? Control Numbers are important to all projects to have a consistent numbering scheme for data reference at the item level. It is best to have an idea on how your data is going to be represented in the system ...How to Use Full Query String for Complex Searches
To navigate to the fill query string, click on "Review Project Metadata" in your project dashboard. The ‘full query string’ option under the Search filter allows you to enter a more complex query, with parentheses, AND/OR operators and proximity ...How to Search for Emojis
Searching for emojis is sometimes very important to an investigation. ESI Analyst provides this capability via our Search options. This search is only available in our Review Project Metadata list. When searching within the Review Project Metadata ...Search Options for Geolocation Items
Sometimes, it may be needed to search an address (or IP address locations) and see where an actor was on a certain date. If this data was loaded to ESI Analyst, it is searchable. You can search geolocation items by device and address. You can also ...