Tools

618 results - showing 241 - 260

Tools | License Type: Free | Developer: Guidance/OpenText

This script reads XML-based metadata from entries in the current case that are identified as Office 2007 documents by their file extension. The script supports both the Microsoft Office Open XML and OpenDocument formats, each of which is a collection of zipped XML files.

Tools | License Type: Free | Developer: Guidance/OpenText

This plugin provides an interface to the NirSoft ESEDatabaseView executable so as to provide centralized reporting of Extensible Storage Engine (ESE, aka Jet Blue) databases through the use of bookmarks. The plugin requires the NirSoft ESE Database Viewer, which can be downloaded from:

Tools | License Type: Free | Developer: Guidance/OpenText

This script will parse out SMS messages from a Nokia Lumia 610 mobile-phone binary dump. Binary dumps can be obtained from a JTAG process or chip-off. Known limitation: messages are truncated to a maximum of 10,000 characters. Read Incoming and Sent messages are parsed, so read all unread messages before acquiring the binary dump. Output is a bookmark folder and a *.tsv file.

Tools | License Type: Free | Developer: Guidance/OpenText

This script parses USN_RECORD_V2 change-journal records contained in the $J data stream of the NTFS $UsnJrnl file. It can also search for, and decode, USN_RECORD_V2 records in $LogFile and unallocated clusters.

Tools | License Type: Free | Developer: Guidance/OpenText

This EnScript filter allows the examiner to show/hide entries using multiple date-ranges and one of four different logic options.

Tools | License Type: Free | Developer: Guidance/OpenText

This script is designed to parse the contents of NTFS index buffers.

Tools | License Type: Free | Developer: Guidance/OpenText

NETSH Packet Capture allows network-traffic sniffing on Microsoft Windows 7 and newer machines using the natively installed NETSH, together with an EnCase Servlet that has Remediation enabled.

Launch the EnScript (no case is necessary) and log into your SAFE, which will determine whether the Remediation flag is enabled and whether you have permission to use this feature. Once that is done, you can click the Sniff button to run your NETSH commands on the remote system using the IP address that was provided. All results are displayed in the Console View of EnCase after the command execution completes.

At this point, click Cancel to leave NETSH running; otherwise, set the Export Folder where the Logical Evidence File should be saved. Also make sure you stop the packet capture prior to clicking OK, as this initiates the file collection based on the default logical file names NetTrace.etl and NetTrace.cab.

Microsoft Message Analyzer can be used to review the data or to extract the PCAP contents for review using Wireshark, NetworkMiner, Xplico, etc. Microsoft Message Analyzer download: http://www.microsoft.com/en-us/download/details.aspx?id=40308

This app was developed by instructors in support of the Guidance Software Professional Development and Training Course offerings. For more information about its use and investigative context, attend one of the following courses: Enterprise Examinations, Host Intrusion Methodology and Investigation, or Cybersecurity and Analytics.

Tools | License Type: Free | Developer: Guidance/OpenText

This is an update to a previously submitted (and approved) EnScript that parses all Windows, OSX and Linux memory images. This update fixes an issue that occurred when a user attempted to use the script against an evidence file (.E01). There are no other changes to the script.

Tools | License Type: Free | Developer: Guidance/OpenText

Microsoft Word Autosave Document (ASD) files have the Compound File Binary File Format [MS-CFB] file-structure.

Tools | License Type: Free | Developer: Guidance/OpenText

A script to search for protocol fragments of MSN Messenger (or MSN Live Messenger) chat. The message containing the chat is extracted and placed (where possible) into relevant bookmark folders. These protocol messages are NOT fragments of chat logs; they are the remains of the actual MSN protocol messages as they appear on the Internet. In many cases these exist on a machine even where chat logging has been disabled. The script was developed in conjunction with the publication of this paper: http://computerforensics.parsonage.co.uk/downloads/MSNandLiveMessengerArtefactsOfConversations.pdf

Tools | License Type: Free | Developer: Guidance/OpenText

This template may serve as a basis for your own specific template and includes many Bookmark folders for topics often encountered during your examinations. Bookmark Formats for reporting purposes are provided and tailored to each individual type of data. It includes over 80 pre-defined Bookmark Folders for commonly encountered artifacts, broken down into detailed categories such as File Sharing Clients, Malware Analysis, Social Networking, Browsers and more.

Tools | License Type: Free | Developer: Guidance/OpenText

This EnScript allows the examiner to tag the items of interest. The EnScript will export a tab-delimited CSV file with the name, MD5 hash value and logical size for the selected tags. This information can be used to create a condition using the logical size and hash value to search other systems for a matching file.

Tools | License Type: Free | Developer: Guidance/OpenText

This script is designed to locate one or more files from a known set. It works with records as well as entries.

Tools | License Type: Free | Developer: Guidance/OpenText

Decodes the UUID and UID from the names of sub-folders under /private/var/folders in MacOS.

Tools | License Type: Free | Developer: Guidance/OpenText

This template may serve as a basis for your own specific template and includes many Bookmark folders for topics often encountered during your examinations. Bookmark Formats for reporting purposes are provided and tailored to each individual type of data. It includes over 80 pre-defined Bookmark Folders for commonly encountered artifacts, broken down into detailed categories such as File Sharing Clients, Malware Analysis, Social Networking, Browsers and more.

Tools | License Type: Free | Developer: Guidance/OpenText

This comprehensive report template can serve as a basis for your own template. It is very extensive and contains bookmark folders for the most common topics in your examinations. The presentation of the various bookmarks has been adapted according to customer requests and can, of course, be optimized further.

Tools | License Type: Free | Developer: Guidance/OpenText

This script parses MacOS chunk-storage SQLite database-files used by the previous-versions feature introduced in MacOS X Lion. The chunk-storage database is located at the following path in HFS+ and APFS volumes that support this feature -

Tools | License Type: Free | Developer: Guidance/OpenText

The purpose of this script is to assist the examiner in visualizing the paths of relevant target files within a Mac OS X Time Machine volume.

Tools | License Type: Free | Developer: Guidance/OpenText

This script parses thumbnails from MacOS QuickLook thumbnail-cache files.

Tools | License Type: Free | Developer: Guidance/OpenText

This script searches user-specified Mac OS X plaintext log files for log entries containing one or more keywords. Bzip2 and Gzip archives of each log file will be expanded and searched automatically. Matching log entries are written to bookmarks and to a tab-delimited spreadsheet file. The script can also be used with any other UTF-8 encoded log files that have UNIX line breaks.
