Tools

596 results - showing 161 - 180
« 1 ... 4 5 6 7 8 9 10 11 12 13 ... »

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses network-profile information from the following Registry key:

  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

Tools

License Type
Free
Developer
Guidance/OpenText

This scripts reads recently-used application information from the following Registry path:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps

Tools

License Type
Free
Developer
Guidance/OpenText

This is a self-installing EnCase V7 application-plugin that adds a right-click context-menu option allowing the user to view an item (entry, bookmark, record or result-set entry) using the Windows application registered to handle that item's file-type (as identified by file-extension).

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript will search for, and bookmark, ZIP-file index-entries. It was designed for the recovery of data from deleted ZIP files (including MS Word *.DOCX files) that can't otherwise be recovered, either because they're partially overwritten or fragmented.

Tools

License Type
Free
Developer
Guidance/OpenText

This script will parse all eDonkey & eMule 'known.met' or 'known.met.bak' files or those that have been selected in the current view. Any files that don't have one of those two file-names will be ignored. To prevent errors, deleted-overwritten files will also be ignored even if they are known.met or known.met.bak files.

Tools

License Type
Free
Developer
Guidance/OpenText

This script is designed to parse ‘Zone.Identifier’ alternate data streams, which are sometimes referred to as ‘Marks of the Web’ and can help to identify files downloaded from the Internet.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes macOS bookmark datastreams of the type found in macOS alias files and property-list files.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript parses *.ichat messages of the type created by the Mac OS X Messages application.

Tools

License Type
Free
Developer
Guidance/OpenText

Startup Manager allows a user to configure EnScript or EnPack files to start automatically when EnCase starts up.

Tools

License Type
Free
Developer
Guidance/OpenText

System Snap Shot collects information regarding software used, system settings, user names and last login information. It also provides insight on connections made that would allow data to be moved off the machine. This EnScript is compatible with evidence using Windows Operating Systems. All results from running this EnScript will be placed into the Bookmarks tab of your case for review and easy addition into a report.

Tools

License Type
Free
Developer
Guidance/OpenText

SysTools Outlook Exporter is an EnCase plugin which allows you to export email evidence found with EnCase forensic to an Outlook (.pst) file WITHOUT Outlook being installed on the examiner’s machine. Just tag the desired mails and then use the plugin to export them into PST.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript searches for keywords in every open case and bookmarks the files. Searches within nested archives and you can filter the search by extension.

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses cached messages and profile-information from the 'messagesv12' and 'profilecachev8' tables of Skype 's4l-*' SQLite-database files.

Tools

License Type
Free
Developer
Guidance/OpenText

Most people are aware of the SQLite databases that Skype uses and the information they contain. Another common file associated with a Skype chat is the 'chatsync' file. This file is a proprietary format and it contains some very useful information, such as the user names of the people in the chat (even group chats). In addition to the usernames of each user, each user's local (LAN) and external (WAN) IP addresses are often recorded in this file. This information can be very useful in helping identify or locating a particular user during a specific time. A chatsync file is generally created for each chat "session'. You can select (blue check) any/all chatsync files in EnCase v6 or 'tag" them with 'chatsync' in EnCase v7 and run the below linked EnScript.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to parse shellbag Registry data from NTUSER.DAT and USRCLASS.DAT Registry hive-files. The script has been tested with data from Windows Vista, Windows 7, Windows 8.1 and Windows 10. The script does not support Windows XP.

Tools

License Type
Free
Developer
Guidance/OpenText

This Filter will enable the user to show or hide items based on the tag status. For example:

1. Tag with 'ignore' all the items you wish to exclude.
2. Run the attached filter.
3. Run the condition on 'Current View'. ( wait, once done )
4. Switch to Split mode of 'Tree Table'.

 

 

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript mounts all SYSTEM registries found in the current evidence, parses the Application Compatility Cache registry key and output the result onto the console, bookmarks and tab-delimited CSV file.

Tools

License Type
Free
Developer
Guidance/OpenText

Exports the text immediately surrounding your search hits and creates a Search Hits Preview file in your export folder. Search Hits Preview is a tab delimited file that can imported into Excel.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes one or more values stored in Serialized Property Storage (SPS) format.

Tools

License Type
Free
Developer
Guidance/OpenText

This script searches for specific keywords and bookmarks the hits for each one using a specified data-type.

596 results - showing 161 - 180
« 1 ... 4 5 6 7 8 9 10 11 12 13 ... »