Tools

641 results - showing 201 - 220
« 1 ... 6 7 8 9 10 11 12 13 14 15 ... »
Details

Tools

License Type
Free
Developer
Guidance/OpenText

This script finds and decodes Windows 8/8.1 mail messages originating from cached EML message files, which are stored in the following folder -

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to determine drive-letter assignments for volumes mounted under Microsoft Windows.

Tools

License Type
Free
Developer
Guidance/OpenText

Notwithstanding that the EnCase System Information Parser already provides a lot of useful device-related information, the script outputs additional information, e.g., the last-removal (disconnected) date. It also links each device to its device-container, which has additional properties, e.g., the location of any custom container-icon that's been cached to the system disk.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript searches the user-nominated pre-Vista event log files (*.evt) to check if they are flagged as dirty.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to read installed application information and display it in a similar fashion to the Windows Programs & Features control-panel applet.

Tools

License Type
Free
Developer
Guidance/OpenText

This script uses various methods to detect known executable file packers.  The script first parses the structure of the PE data, then uses known characteristics of this structure to identify the packers.

Tools

License Type
Free
Developer
Guidance/OpenText

This script is designed to iterate through the contents of a single, selected (blue-checked) Windows Live Mail storage folder (referred to as the target folder in the text below) and create a separate MBOX file for each sub-folder and the EML mail-messages contained therein.

Tools

License Type
Free
Developer
Guidance/OpenText

This is a simple script that extracts the drive-letter mappings from HKCU\Network.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes the login-count for local user accounts stored in SAM Registry hive files in the current case.

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses network-profile information from the following Registry key:

  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

Tools

License Type
Free
Developer
Guidance/OpenText

This scripts reads recently-used application information from the following Registry path:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps

Tools

License Type
Free
Developer
Guidance/OpenText

This is a self-installing EnCase V7 application-plugin that adds a right-click context-menu option allowing the user to view an item (entry, bookmark, record or result-set entry) using the Windows application registered to handle that item's file-type (as identified by file-extension).

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript will search for, and bookmark, ZIP-file index-entries. It was designed for the recovery of data from deleted ZIP files (including MS Word *.DOCX files) that can't otherwise be recovered, either because they're partially overwritten or fragmented.

Tools

License Type
Free
Developer
Guidance/OpenText

This script will parse all eDonkey & eMule 'known.met' or 'known.met.bak' files or those that have been selected in the current view. Any files that don't have one of those two file-names will be ignored. To prevent errors, deleted-overwritten files will also be ignored even if they are known.met or known.met.bak files.

Tools

License Type
Free
Developer
Guidance/OpenText

This script is designed to parse ‘Zone.Identifier’ alternate data streams, which are sometimes referred to as ‘Marks of the Web’ and can help to identify files downloaded from the Internet.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes macOS bookmark datastreams of the type found in macOS alias files and property-list files.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript parses *.ichat messages of the type created by the Mac OS X Messages application.

Tools

License Type
Free
Developer
Guidance/OpenText

Startup Manager allows a user to configure EnScript or EnPack files to start automatically when EnCase starts up.

Tools

License Type
Free
Developer
Guidance/OpenText

System Snap Shot collects information regarding software used, system settings, user names and last login information. It also provides insight on connections made that would allow data to be moved off the machine. This EnScript is compatible with evidence using Windows Operating Systems. All results from running this EnScript will be placed into the Bookmarks tab of your case for review and easy addition into a report.

Tools

License Type
Free
Developer
Guidance/OpenText

SysTools Outlook Exporter is an EnCase plugin which allows you to export email evidence found with EnCase forensic to an Outlook (.pst) file WITHOUT Outlook being installed on the examiner’s machine. Just tag the desired mails and then use the plugin to export them into PST.

641 results - showing 201 - 220
« 1 ... 6 7 8 9 10 11 12 13 14 15 ... »