Computer Forensics Resources
White Papers / Presentations
EnCase EnScripts
Version 6
January 17, 2010
Version 5 (not supported)
May 29, 2007
Version 4 (not supported)
Computer Forensics Resources | ||||||
| ||||||
| Title | DL | Author | Description | Date/Version | File Type | |
|---|---|---|---|---|---|---|
| Timeline Analysis | |
Geoff Black | Timeline Analysis - CEIC 2007 | May 09, 2007 | ppt | |
| Evidence of Folder Renaming | |
Geoff Black | Using the MFT Standard Information Attribute and FileName Attribute to find renamed folders in an NTFS system | Sept. 17, 2005 | ||
| VM Ware How-To | |
David Shaver | Special Agent David Shaver's slide show and tools on how to restore an Encase image to a working VMWare machine | May 23, 2006 | zip | |
| ||||||
Version 6 | ||||||
| Timeline Report | |
Geoff Black | This script gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. Great for intrusions and reporting! REQUIRES EnCase v6.8.1 or greater (updated and tested through Version 6.13). | v1.8.1 January 17, 2010 |
zip | |
| md5 - Timeline Report - 2BC231669681C114A89A8802D6738F3A | ||||||
Version 5 (not supported) | ||||||
| Timeline Report | |
Geoff Black | This script gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. Great for intrusions and reporting! REQUIRES EnCase v5.05f or greater (updated and tested through Version 6.5). | v1.7.4 May 29, 2007 |
zip | |
| md5 - Timeline Report - A5AEC5CB10A01B980C44D584427F2C55 | ||||||
| Add List of Local Files to New LEF | |
Geoff Black | Useful if you have a list of files on a mapped drive that you'd like to add to a LEF while maintaining the full folder path. Much easier than dragging and dropping single files into EnCase. | Jan. 23, 2007 | zip | |
| md5 - Add List of Local Files to New LEF - A26343A8F135505D93A5DEF1315A6B30 | ||||||
| COM - create db | |
Geoff Black | COM example showing how to create a database in MSSQL Server using an ADODB connection using the Case Name value for the database name. It also tests to make sure the database, user, and access do not already exist before attempting to create them. Alter "hostname" in each of the three locations for your server name. Alter the two file locations in strSQL to suit your preferences. Tested with MSDE 2000 Release A (SP3a) and EnCase v5.04a. | Oct. 9, 2005 | zip | |
| md5 - COM - Create DB - 9E250B0F0916F2C67C2643A2AB7CC60E | ||||||
Version 4 (not supported) | ||||||
| Timeline | |
Geoff Black | This script gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. | Sept. 12, 2005 | zip | |
| md5 - Timeline - F512F9A88BB2C16F4460B5829E683E65 | ||||||
| Disclaimer: All resources are provided "As Is" with no expressed or implied guarantees whatsoever. In no event shall the provider (Geoff Black / geoffblack.com) be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, business interruption; loss of use, data, or profits) however caused and on any theory of liability arising in any way out of the use of these resources, even if advised of the possibility of such damages. |
Home Forensics |