Computer Forensics Resources


White Papers / Presentations

Title  DL  Author  Description  Date/Version  File Type
  Timeline Analysis Geoff Black Timeline Analysis - CEIC 2007 May 09, 2007 ppt

  Evidence of Folder Renaming Geoff Black Using the MFT Standard Information Attribute and FileName Attribute to find renamed folders in an NTFS system Sept. 17, 2005 pdf

  VM Ware How-To David Shaver Special Agent David Shaver's slide show and tools on how to restore an EnCase image to a working VMware machine May 23, 2006 zip

EnCase EnScripts

Version 6

  Timeline Report Geoff Black This script gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. Great for intrusions and reporting! REQUIRES EnCase v6.8.1 or greater (updated and tested through Version 6.8.1). v1.7.6 December 21, 2007 zip
  md5 - Timeline Report - d7a31227e64952ab8d282c83f58e3951 md5

Version 5

  Timeline Report Geoff Black This script gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. Great for intrusions and reporting! REQUIRES EnCase v5.05f or greater (updated and tested through Version 6.5). v1.7.4 May 29, 2007 zip
  md5 - Timeline Report - a5aec5cb10a01b980c44d584427f2c55 md5

  Add List of Local Files to New LEF Geoff Black Useful if you have a list of files on a mapped drive that you'd like to add to a LEF while maintaining the full folder path. Much easier than dragging and dropping single files into EnCase. Jan. 23, 2007 zip
  md5 - Add List of Local Files to New LEF md5

  COM - create db Geoff Black COM example showing how to create a database in MSSQL Server over an ADODB connection, using the Case Name value as the database name. It also checks that the database, user, and access do not already exist before attempting to create them. Alter "hostname" in each of the three locations for your server name. Alter the two file locations in strSQL to suit your preferences. Tested with MSDE 2000 Release A (SP3a) and EnCase v5.04a. Oct. 9, 2005 zip
  md5 - COM - create db md5

  Foreign Language Finder Geoff Black A highly modified port of Ben Cotton's v4 Arabic Document Finder script - it attempts to locate foreign language documents by using GREP searches and exports to the directory of your choice. All interface options now working. REQUIRES EnCase v5.05a. v1.6.9 May 11, 2006 zip
  md5 - Foreign Language Finder md5

Version 4 (not supported)

  Foreign Language Finder Ben Cotton Ben Cotton's v4 Arabic Document Finder script - it attempts to locate foreign language documents by using GREP searches and exports to the directory of your choice. Jan. 26, 2006 zip
  md5 - Foreign Language Finder md5

  Timeline Geoff Black This script gathers file information on all or selected files/folders and presents it in a timeline view. The user can select the timeframe to check and output either HTML or tab-delimited text format. Sept. 12, 2005 zip
  md5 - Timeline md5

Hash Sets

  Hashset for Hackers Toolkit Suite 2005 - In early May 2005, F.O.S.I. Team released their so-called "Hackers Toolkit Suite 2005". This is an EnCase hash set of all of those tools. Please read the README file included in the zip archive. May 22, 2005 zip
  md5 - Hackers Toolkit Suite 2005 md5

Disclaimer: All resources are provided "As Is" with no expressed or implied guarantees whatsoever. In no event shall the provider (Geoff Black / geoffblack.com) be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, business interruption; loss of use, data, or profits) however caused and on any theory of liability arising in any way out of the use of these resources, even if advised of the possibility of such damages.