If you are not getting the results you expect when using a Custom Script Validator in a Data Identifier (e.g. checking a prefix before a match) don't forget to try a different function.
LOOK for the value "FALSE:" before a match - and do NOT create an incident:
$PreValue = getAsciiStringAt($matchPrefix, 0x4, 6);
$TestValue = 'FALSE:';
AssertFalse($PreValue == $TestValue);
The following does NOT work for me...
LOOK for the value "FALSE:" before a match - and do NOT create an incident:
$PreValue = getStringValueAt($matchPrefix, 0x4, 6);
$TestValue = 'FALSE:';
AssertFalse($PreValue == $TestValue);
Don't confuse the functions getStringValueAt() and getAsciiStringAt() like I did... save yourself some time.
Bob.