MFT Parsing

So, I was having lunch with my good friend Mike. Great guy. If you get a chance, take Mike to lunch. Anyway, we were discussing how EnCase doesn’t really give the user easy access to the MFT and there is some information in there that doesn’t get parsed by EnCase that could be useful to […]



Autoruns

This is an EnCase EnScript I wrote a few years back. The original design goal was to implement Sysinternals Autoruns.exe inside EnCase so it could be run against dead drives during forensics cases. Sysinternals has since reworked Autoruns.exe so it can work against a dead drive, thus limiting the usefulness of this script. It still […]

I caved.

Due to boredom, the need for a place to keep notes, and general peer pressure, I have created a blog. I know. I’m a sellout. Next I’ll be speaking at conferences and writing books.
