Saturday, July 14, 2007

Obtain Service Pack/Patch information quickly in EnCase

In almost every forensic report that I write, I include the OS type, service pack level and patches that have been applied to the OS. This information sets the foundation as to what level of OS is installed and starts to give indications as to what is possible in terms of exploits against this machine.

This is a quick EnScript I wrote to extract this information from the registry and print to the console tab of EnCase so I could copy and paste all or a portion of it into a forensic report.

*note - this currently does not work on Vista

Download Here


Todd Beebe Wednesday, 15 April, 2009  

I receive an error when attempting to run this.

Error: Reference to null NodeClass object in function call: Find, Custom\Service Pack and Patch Information(1,383)

I am running EnCase v6.11.

Is there an include file or something else necessary for this to run?

Post a Comment

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles