encase

$I30 INDX Parsing

I needed to walk a directory index for another script I was working on. I figured, as long as I was there trying to prototype that, I would just dump out the entire Index. I already have a couple of scripts that do this. One of the major things I noticed when I started working […]

Read more "$I30 INDX Parsing"

MFT Parsing

So, I was having lunch with my good friend Mike. Great guy. If you get a chance, take Mike to lunch. Anyway, we were discussing how EnCase doesn’t really give the user easy access to the MFT and there is some information in there that doesn’t get parsed by EnCase that could be useful to […]

Read more "MFT Parsing"

Autoruns

This is an EnCase EnScript I wrote a few years back.  The original design goal was to implement Sysinternals Autoruns.exe inside EnCase so it could be run against dead drives during forensics cases.  Sysinternals has since reworked Autoruns.exe so it can work against a dead drive, thus limiting the usefulness of this script.  It still […]

Read more "Autoruns"