Tools

641 results - showing 221 - 240
« 1 ... 7 8 9 10 11 12 13 14 15 16 ... »

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript searches for keywords in every open case and bookmarks the files. Searches within nested archives and you can filter the search by extension.

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses cached messages and profile-information from the 'messagesv12' and 'profilecachev8' tables of Skype 's4l-*' SQLite-database files.

Tools

License Type
Free
Developer
Guidance/OpenText

Most people are aware of the SQLite databases that Skype uses and the information they contain. Another common file associated with a Skype chat is the 'chatsync' file. This file is a proprietary format and it contains some very useful information, such as the user names of the people in the chat (even group chats). In addition to the usernames of each user, each user's local (LAN) and external (WAN) IP addresses are often recorded in this file. This information can be very useful in helping identify or locating a particular user during a specific time. A chatsync file is generally created for each chat "session'. You can select (blue check) any/all chatsync files in EnCase v6 or 'tag" them with 'chatsync' in EnCase v7 and run the below linked EnScript.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to parse shellbag Registry data from NTUSER.DAT and USRCLASS.DAT Registry hive-files. The script has been tested with data from Windows Vista, Windows 7, Windows 8.1 and Windows 10. The script does not support Windows XP.

Tools

License Type
Free
Developer
Guidance/OpenText

This Filter will enable the user to show or hide items based on the tag status. For example:

1. Tag with 'ignore' all the items you wish to exclude.
2. Run the attached filter.
3. Run the condition on 'Current View'. ( wait, once done )
4. Switch to Split mode of 'Tree Table'.

 

 

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript mounts all SYSTEM registries found in the current evidence, parses the Application Compatility Cache registry key and output the result onto the console, bookmarks and tab-delimited CSV file.

Tools

License Type
Free
Developer
Guidance/OpenText

Exports the text immediately surrounding your search hits and creates a Search Hits Preview file in your export folder. Search Hits Preview is a tab delimited file that can imported into Excel.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes one or more values stored in Serialized Property Storage (SPS) format.

Tools

License Type
Free
Developer
Guidance/OpenText

This script searches for specific keywords and bookmarks the hits for each one using a specified data-type.

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses the records from the bookmarks table in SafariTabs.db SQLite database files.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript searches entries and records for BitCoin addresses. It uses the following GREP, ANSI/Unicode, case-sensitive search expressions -

Tools

License Type
Free
Developer
Guidance/OpenText

The SFVDWIN executable contained in this package is a Windows command-line utility for decrypting Safari Form Values files from macOS.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript parses the System Resource Usage Monitor (SRUM) ESE database, SRUDB.dat, which is located in the %SYSTEMROOT%\System32\sru folder. Only the core database-file will be parsed, not any log-files.

Tools

License Type
Free
Developer
Guidance/OpenText

This module parses macOS Safari web-browser data.

Tools

License Type
Free
Developer
Guidance/OpenText

SQLiteQuery adds the ability to parse SQLite database files from within EnCase. It is no longer necessary to export the DB file and use a third party tool. Simply highlight the database file in Encase and run the EnScript. In the first dialog it will present all the available tables within that database and all of their fields. The analyst can type in any valid SQLite query into the window and the second dialog will present the results in a table view. The GUI now allows selecting fields from the dialog and will create the SELECT statement for the user. Simply double click fields to add each to the query.

Tools

License Type
Free
Developer
Guidance/OpenText

This script is designed to extract BLOB-data from SQLite database files.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to read and decode unused pages from SQLite database files, pages which may contain deleted data.

Tools

License Type
Free
Developer
Guidance/OpenText

This script (based on Lance Muellers original mounted devices script) will create detailed reports on USB, Mounted & portable devices contained in the registry and setupapi logs. Reports are available in formatted Excel Spread sheets, CSV and Bookmarks. It also parses new registry values found in Windows Vista, 7, 8. A "Mapped Devices" Report is also included and this collates all the important information about each USB device and places it in one report. A detailed help file(pdf) is available upon request.

Tools

License Type
Free
Developer
Guidance/OpenText

The Retention Analyzer EnScript uses the time stamp and retention period selected by the user to calculate the number of bytes per month that is exported into a text file. If the primary or secondary hash libraries are enabled with the MD5 hashes calculated than any identified files will be excluded from the retention calculation. The Retention Analysis Report than can be used to generate charts in Microsoft Excel that allows records retention enforcement and return on investment (ROI) potential to be determined. Also works with meta data only Logical Evidence Files for analysis.

Tools

License Type
Free
Developer
Guidance/OpenText

This download consists of a ZIP file containing two filters (EnFilter files): one for entries and one for artifacts (aka records).

641 results - showing 221 - 240
« 1 ... 7 8 9 10 11 12 13 14 15 16 ... »