Tools

616 results - showing 161 - 180

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to decode data stored in the HKCU Registry UserAssist sub-key present in Windows XP and later operating systems.

Tools

License Type
Free
Developer
Guidance/OpenText

This will add a right click option to unmount a compound file. This can be used to try a different password or just get rid of the additional items. NOTE: Unmounting a compound file will disconnect any bookmarks that were made of items inside the compound file.

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses Windows Vista, Windows 7, Windows 8 and Windows 10 thumbcache_*.db files.

Tools

License Type
Free
Developer
Guidance/OpenText

Use this script to preview the files and folders on a remote device via a UNC path. Selected files can be added to a LEF.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript was authored in an attempt to save the examiner the time of manually parsing the System Registry Hive to determine the current control set and then parsing the current control set to retrieve the timezone information for each of the evidence files loaded into the EnCase Evidence tab.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript will send selected MD5 hashes to the Team Cymru Malware Hash Registry (MHR) to learn if any might be suspicious, e.g. malware. The results are recorded in the Bookmarks.

Tools

License Type
Free
Developer
Guidance/OpenText

Cisco’s AMP Threat Grid Malware Analysis and Intelligence for EnCase® provides direct integration with Threat Grid, the first unified malware analysis and threat intelligence solution. After EnCase® Cybersecurity or EnCase® Analytics has identified an unknown threat on an endpoint with the EnCase® Enterprise platform, Threat Grid provides in-depth analysis and correlates the attack-related artifacts with all other known malicious activities to help analysts quickly investigate and determine if malware resides in other parts of the network or if the incident should be closed. The included Google Chrome Extension can be used to search Threat Grid for suspicious processes, IP addresses, registry keys and domains from EnCase® Cybersecurity or EnCase® Analytics.

Tools

License Type
Free
Developer
Guidance/OpenText

ThreatAnalyzer provides best-in-class dynamic file analysis which enables the investigator to quickly determine any behaviors a given file sample may exhibit, including callouts outlining risk specific to malicious behavior. In addition to rich, descriptive, behavioral output, ThreatAnalyzer also provides detailed reports, file artifacts, and derivatives such as packet captures which may be generated by a file sample as part of the analysis.

Tools

License Type
Free
Developer
Guidance/OpenText

This script parses history tables from WebCacheV01.dat Extensible Storage Engine database-files.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript will find any new or updated EnScripts (based on the last time you visited EnCase App Central). Double-clicking an EnScript’s name will take you to the item’s product page, where it can be downloaded.

Tools

License Type
Free
Developer
Guidance/OpenText

This script will export and rebuild tagged records into a local file to view with a browser. It searches the file content for linked objects and attempts to find those objects in the records. If the object is found, the file content is modified to point to a local exported copy of that object. The folder used is the name of the selected record with the Unix date appended to get a unique name.

Tools

License Type
Free
Developer
Guidance/OpenText

This script finds and decodes Windows 8/8.1 mail messages originating from cached EML message files, which are stored in the following folder -

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to determine drive-letter assignments for volumes mounted under Microsoft Windows.

Tools

License Type
Free
Developer
Guidance/OpenText

Notwithstanding that the EnCase System Information Parser already provides a lot of useful device-related information, the script outputs additional information, e.g., the last-removal (disconnected) date. It also links each device to its device-container, which has additional properties, e.g., the location of any custom container-icon that's been cached to the system disk.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript searches the user-nominated pre-Vista event log files (*.evt) to check if they are flagged as dirty.

Tools

License Type
Free
Developer
Guidance/OpenText

This EnScript is designed to read installed application information and display it in a similar fashion to the Windows Programs & Features control-panel applet.

Tools

License Type
Free
Developer
Guidance/OpenText

This script uses various methods to detect known executable file packers. The script first parses the structure of the PE data, then uses known characteristics of this structure to identify the packers.

Tools

License Type
Free
Developer
Guidance/OpenText

This script is designed to iterate through the contents of a single, selected (blue-checked) Windows Live Mail storage folder (referred to as the target folder in the text below) and create a separate MBOX file for each sub-folder and the EML mail-messages contained therein.

Tools

License Type
Free
Developer
Guidance/OpenText

This is a simple script that extracts the drive-letter mappings from HKCU\Network.

Tools

License Type
Free
Developer
Guidance/OpenText

This script decodes the login-count for local user accounts stored in SAM Registry hive files in the current case.
