Tools

620 results - showing 161 - 180

This script will prompt for a keyword from the user then search selected tagged items for that keyword. It will then check the search hit to see if it is the file name in a UsnJrnl record entry. If it is a UsnJrnl record it will parse selected fields from the record and export them to a .csv file in the case default export folder. Useful for searching for change journal records in slack and unallocated space.

License Type
Free
Developer
Guidance/OpenText

This is a Volume Shadow-Copy Service (VSS) examination EnScript designed for EnCase.

License Type
Free
Developer
Guidance/OpenText

This EnScript plugin (formerly called the Last Folder Plugin) provides a number of utility functions.

License Type
Free
Developer
Guidance/OpenText

This comprehensive report template can serve as the basis for your own template. It is very extensive and contains bookmark folders for the most common topics of your investigations. The presentation of the various bookmarks has been adapted to customer requests and can, of course, be optimized further.

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to decode data stored in the HKCU Registry UserAssist sub-key present in Windows XP and later operating systems.

License Type
Free
Developer
Guidance/OpenText

This will add a right click option to unmount a compound file. This can be used to try a different password or just get rid of the additional items. NOTE: Unmounting a compound file will disconnect any bookmarks that were made of items inside the compound file.

License Type
Free
Developer
Guidance/OpenText

This script parses Windows Vista, Windows 7, Windows 8 and Windows 10 thumbcache_*.db files.

License Type
Free
Developer
Guidance/OpenText

Use this script to preview the files and folders on a remote device via a UNC path. Selected files can be added to a LEF.

License Type
Free
Developer
Guidance/OpenText

This EnScript was authored in an attempt to save the examiner the time of manually parsing the System Registry Hive to determine the current control set and then parsing the current control set to retrieve the timezone information for each of the evidence files loaded into the EnCase Evidence tab.

License Type
Free
Developer
Guidance/OpenText

This EnScript will send selected MD5 hashes to the Team Cymru Malware Hash Registry (MHR) to learn if any might be suspicious, e.g. malware. The results are recorded in the Bookmarks.

License Type
Free
Developer
Guidance/OpenText

Cisco’s AMP Threat Grid Malware Analysis and Intelligence for EnCase® provides direct integration with Threat Grid, the first unified malware analysis and threat intelligence solution. After EnCase® Cybersecurity or EnCase® Analytics has identified an unknown threat on an endpoint with the EnCase® Enterprise platform, Threat Grid provides in-depth analysis and correlates the attack-related artifacts with all other known malicious activities to help analysts quickly investigate and determine if malware resides in other parts of the network or if the incident should be closed. The included Google Chrome Extension can be used to search Threat Grid for suspicious processes, IP addresses, registry keys and domains from EnCase® Cybersecurity or EnCase® Analytics.

License Type
Free
Developer
Guidance/OpenText

ThreatAnalyzer provides best-in-class dynamic file analysis which enables the investigator to quickly determine any behaviors a given file sample may exhibit, including callouts outlining risk specific to malicious behavior. In addition to rich, descriptive, behavioral output, ThreatAnalyzer also provides detailed reports, file artifacts, and derivatives such as packet captures which may be generated by a file sample as part of the analysis.

License Type
Free
Developer
Guidance/OpenText

This script parses history tables from WebCacheV01.dat Extensible Storage Engine database-files.

License Type
Free
Developer
Guidance/OpenText

This EnScript will find any new or updated EnScripts (based on the last time you visited EnCase App Central) and double-clicking the EnScript’s name will take you to the item’s product page where it can be downloaded.

License Type
Free
Developer
Guidance/OpenText

This script will export and rebuild tagged records into a local file to view with a browser. It searches the file content for linked objects and attempts to find those objects in the records. If the object is found, the file content is modified to point to a local exported copy of that object. The folder used is the name of the selected record with the Unix date to get a unique name.

License Type
Free
Developer
Guidance/OpenText

This script finds and decodes Windows 8/8.1 mail messages originating from cached EML message files, which are stored in the following folder -

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to determine drive-letter assignments for volumes mounted under Microsoft Windows.

License Type
Free
Developer
Guidance/OpenText

Notwithstanding that the EnCase System Information Parser already provides a lot of useful device-related information, the script outputs additional information, e.g., the last-removal (disconnected) date. It also links each device to its device-container, which has additional properties, e.g., the location of any custom container-icon that's been cached to the system disk.

License Type
Free
Developer
Guidance/OpenText

This EnScript searches the user-nominated pre-Vista event log files (*.evt) to check if they are flagged as dirty.

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to read installed application information and display it in a similar fashion to the Windows Programs & Features control-panel applet.

License Type
Free
Developer
Guidance/OpenText