Regular Expression List

Regular Expressions commonly used in Digital Forensic Tasks

Title	Regex	Regex101	Links/Source
Age (Under 18)	^(0?[1-9]{1}|[1]{1}[0-7]{1})(\s|[-])?(y(\s?)o|yr([sz]?)|year([sz]?)((\s|[-])?(old)?)|y)((\s?|[-])(old)?)$	Regex101	Digital Forensics Discord Server user jball77
Bitlocker Recovery Key	^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$	Regex101	BitLocker Overview
Credit Card Numbers	(^4[0-9]{12}(?:[0-9]{3})?$)|(^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$)|(3[47][0-9]{13})|(^3(?:0[0-5]|[68][0-9])[0-9]{11}$)|(^6(?:011|5[0-9]{2})[0-9]{12}$)|(^(?:2131|1800|35\d{3})\d{11}$)	Regex101	IHateRegex
Cut Folder Hierarchy	.+(?=((\|\/).+){2})	Regex101	RegexLib
Email Addresses	(([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)(\s*;\s*|\s*$))*	Regex101	StackOverflow
Filenames (Short/Suspicious)	^[\w,\s-]{1,3}\.[a-zA-Z0-9]{2,4}$	Regex101	RegexTester
IPv4	\b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b	Regex101	bstrings
IPv4 (External Only)	\b(?!0\.)(?!10\.)(?!100\.6[4-9]\.)(?!100\.[7-9]\d\.)(?!100\.1[0-1]\d\.)(?!100\.12[0-7]\.)(?!127\.)(?!169\.254\.)(?!172\.1[6-9]\.)(?!172\.2[0-9]\.)(?!172\.3[0-1]\.)(?!192\.0\.0\.)(?!192\.0\.2\.)(?!192\.88\.99\.)(?!192\.168\.)(?!198\.1[8-9]\.)(?!198\.51\.100\.)(?!203.0\.113\.)(?!22[4-9]\.)(?!23[0-9]\.)(?!24[0-9]\.)(?!25[0-5]\.)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\b	Regex101	StackOverflow
IPv6	(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))	Regex101	RegexTester
MAC Address	^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$	Regex101	StackOverflow
Passwords	^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}$	Regex101	IHateRegex
Phone Numbers	^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$	Regex101	StackOverflow
URLs	(https?:\/\/)?(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()!@:%_\+.~#?&\/\/=]*)	Regex101	mathiasbynens.be URL Spec IHateRegex
US Social Security Numbers	^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$	Regex101	IHateRegex
Username (Discord)	^.{3,32}#[0-9]{4}$	Regex101	IHateRegex