Forensickb - forensickb.com - Computer Forensics, Malware Analysis & Digital Investigations
Latest News:
EnCase EnScript to automate Internet Evidence Finder (IEF) for EnCase v6 & v7 18 May 2013 | 05:58 am
In an effort to try and make the workflow easier for examiners, I have developed an Internet Evidence Finder EnScript for use with EnCase® v6 & v7. The goal of this EnScript is to make it easier for t...
EnCase EnScript to send data directly to SPLUNK for IR, Investigations & Timelines 25 Apr 2013 | 11:50 pm
This EnScript was originally designed to aid in the triage and processing of multiple hosts by multiple examiners while conducting Incident Response & Investigations and quickly collate all the data tog...
Crafting good keywords in EnCase and using conditions to refine results 29 Mar 2013 | 03:54 am
I was contacted today by an examiner asking about some search hits that contained a very common keyword and how to quickly and easily refine them down to a relevant subset. This is pretty basic EnCase...
File Entropy explained 21 Mar 2013 | 06:43 pm
I posted a quick EnScript yesterday that calculates the entropy of any selected object in EnCase. One of the comments I received asked for more information about what entropy is and what do the values...
EnCase EnScript to calculate entropy of selected file(s) 20 Mar 2013 | 01:01 am
I saw a recent post on one of the forensic mailing lists about calculating the entropy of unallocated space to determine the "randomness" of the data to help determine if a wiping utility had been use...
EnScript to parse setupapi.dev.log 6 Mar 2013 | 06:10 am
This EnCase EnScript was written to parse the Vista/7 'setupapi.dev.log' for USB events. This log contains a lot of information about hardware events, including when USB devices are attached. This En...
EnCase EnScript - Categorize files by specified file extensions, bookmark and provide count 20 Feb 2013 | 11:27 pm
This EnScript was a request related to the original EnScript written here. This EnScript will provide a ConditionClass dialog where you can specify whatever file extensions you want to look for and c...
Utility to verify wipe/erase of hard drive 12 Dec 2012 | 10:34 pm
I was recently looking for a utility that I could use to efficiently verify the wiping of various types of hard drives. While there are many tools out there to perform a wipe or erasure of a hard disk...
EnCase EnScript to verify LEF collection 16 Aug 2012 | 12:36 pm
I recently received an email from an old colleague Brian Olson. He wanted to share a recent EnScript he wrote and provide a detailed description in case others find it useful: -----------------------...
EnCase EnScript to list and resolve all the file permissions on a drive 1 Aug 2012 | 03:30 am
I recently had a need to create a list of users who had data on a disk. One of the solutions I came up with was to go through every file on the disk and look at the owner permission. Once I had the ow...