Obtain Service Pack/Patch information quickly in EnCase
In almost every forensic report that I write, I include the OS type, service pack level and patches that have been applied to the OS. This information sets the foundation as to what level of OS is installed and starts to give indications as to what is possible in terms of exploits against this machine.
This is a quick EnScript I wrote to extract this information from the registry and print to the console tab of EnCase so I could copy and paste all or a portion of it into a forensic report.
*note - this currently does not work on Vista
Download Here
ShareThis
Posts
1 comments:
I receive an error when attempting to run this.
Error: Reference to null NodeClass object in function call: Find, Custom\Service Pack and Patch Information(1,383)
I am running EnCase v6.11.
Is there an include file or something else necessary for this to run?
Post a Comment