$I30 INDX Parsing

I needed to walk a directory index for another script I was working on. I figured, as long as I was there trying to prototype that, I would just dump out the entire Index. I already have a couple of scripts that do this. One of the major things I noticed when I started working […]

Read more "$I30 INDX Parsing"

MFT Parsing

So, I was having lunch with my good friend Mike. Great guy. If you get a chance, take Mike to lunch. Anyway, we were discussing how EnCase doesn’t really give the user easy access to the MFT and there is some information in there that doesn’t get parsed by EnCase that could be useful to […]

Read more "MFT Parsing"