Autoruns

This is an EnCase EnScript I wrote a few years back.  The original design goal was to implement Sysinternals Autoruns.exe inside EnCase so it could be run against dead drives during forensics cases.  Sysinternals has since reworked Autoruns.exe so it can work against a dead drive, thus limiting the usefulness of this script.  It still comes in handy for certain tasks since it is faster than mounting the drive to run Autoruns.exe.

The output will be in the Console and from there can be cut-n-pasted or saved to a file.

Due to changes in the Registry files, this doesn’t work on Windows 7.

Download here

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s