Tools

619 results - showing 361 - 380

Tools

License Type
Free
Developer
Guidance/OpenText

This script searches for and decodes bencoded files used as part of the BitTorrent peer-to-peer file sharing protocol.

Tools

License Type
Free
Developer
Guidance/OpenText

This self-installing EnScript plugin allows the user to identify bookmarks matching a specified condition. Matching bookmarks will be blue-checked; any other bookmarks (including all bookmark folders) will be deselected. Please note that this action cannot be undone. The condition will be remembered for later re-use.

Tools

License Type
Free
Developer
Guidance/OpenText

This script processes Background Activity Moderator (BAM) Registry entries generated by later versions of Windows 10.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript reads document summary information from AutoCAD DWG files. Depending on the information present, this may include: Title, Subject, Author, Keywords, Comments, Last Saved By, Revision Number, Hyperlink Base, Created Date and Modified Date. The script supports DWG file versions from 2004 to 2013. Output is by way of bookmarks and a tab-delimited spreadsheet file.

Tools

License Type
Free
Developer
Guidance/OpenText

This script searches specified items for binary plist files. It was designed primarily to recover such files from unallocated clusters.

Tools

License Type
Free
Developer
Guidance/OpenText

This plugin allows the examiner to view and bookmark the information shown under the Attributes tab en-masse rather than on a per-file/folder basis.

 

Tools

License Type
Free
Developer
Guidance/OpenText

This script will find NTUSER.dat files and extract the subkeys [\Software\Ares] and [\Software\Lime Pro] into two bookmarks.  It will also interpret a number of known values and decrypt some values that are encrypted.

Tools

License Type
Free
Developer
Guidance/OpenText

The script assists in mounting Microsoft Outlook PST and OST files. If the files cannot be mounted by EnCase they are automatically exported for processing by third party tools. A log file is also kept for reporting purposes.

Tools

License Type
Free
Developer
Guidance/OpenText

This script will decrypt the data from the .dat files used by the Ares and Lime Pro P2P file trading programs.  The encryption is a simple stream cipher.

 

Tools

License Type
Free
Developer
Guidance/OpenText

This script is designed to remove basic PIN, password or pattern lock from a connected device. This method was tested and works on Android versions from Gingerbread (2.3) to Jelly Bean (4.1), but it may work on others.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript parses user-specified Apple System Log (ASL) files in the current case. Output is by way of bookmarks and a tab-delimited spreadsheet file.

Tools

License Type
Free

SAFT is a free and easy-to-use mobile forensics application developed by SignalSEC security researchers. SAFT allows you to extract valuable information from a device in just one click!

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Tools

License Type
Free

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Tools

License Type
Free

Guymager [ˈgɪmɪdʒər] is a free forensic imager for media acquisition. Its main features are:

  • Easy user interface in different languages
  • Runs under Linux
  • Really fast, due to multi-threaded, pipelined design and multi-threaded data compression
  • Makes full usage of multi-processor machines
  • Generates flat (dd), EWF (E01) and AFF images, supports disk cloning
  • Free of charge, completely open source

Tools

License Type
Commercial - Paid

The perfect solution for forensic acquisition of web pages. The forensic community around the world has recognized it as a valuable instrument for capturing web pages. FAW is suitable for technical consultants and other experts who need automatic acquisitions, acquisitions from the TOR network, and innovative features to speed up their work.

Tools

License Type
Free

CapAnalysis is a web visual tool for information security specialists, system administrators and everyone who needs to analyze large amounts of captured network traffic.
CapAnalysis indexes a data set of PCAP files and presents their contents in many forms, from a list of TCP, UDP or ESP streams/flows to a geographical representation of the connections.
CapAnalysis is Open Source.

Tools

License Type
Free
Developer
Guidance/OpenText

This script allows the examiner to import user and group accounts from Active Directory into EnCase. This allows the examiner to more easily ascertain the ownership of files/folders through the use of file-system permissions. The script achieves this by querying a domain controller using LDAP.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes the date-added timestamps present in the internal $Catalog file created by EnCase for APFS volumes.

The $Catalog file is a collection of APFS directory-entry records each having a key (j_drec_hashed_key_t) and some data (j_drec_val_t).

The 64-bit date-added timestamp represents the time the directory entry was added to the directory. It follows the 64-bit inode number of the associated file/folder in the j_drec_val_t structure, which is always 18 bytes in length. The timestamp represents the date-added as the number of nanoseconds since 1st January 1970, i.e., the UNIX epoch.

The script will target the records belonging to blue-checked entries in the current view or, alternatively, the record of the entry that is currently highlighted.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript will display the eight (8) NTFS timestamps associated with each tagged file/folder in EnCase.
