EnScript to export x bytes around search hit with HTML report
A few weeks ago I posted an article and EnScript to export x bytes around a search hit. You can read about it here.
I received an email from a reader asking if I could modify it to create an HTML report of the search hits, with the search hit being highlighted in red and then some additional information in the report. Seeing how there was nothing interesting on TV, I took the time to modify the existing script to create an HTML report.
How it works:
Run your keyword search against your evidence. Once the search is complete, view your search hits, then select (blue check) the ones you want to export (one, many, all). Then run the EnScript. The EnScript will take each search hit that you have selected and carve out the text around the keyword depending on the before and after integer values you provided (2000 before and 2000 after is default). This new version will also create a simple HTML "Proximity Report" in your default export folder if you select the "Create HTML report" check box on the starting menu.
The HTML report is nothing fancy, but I guess it serves the purpose.
Both are written for EnCase v6
New version with HTML report
Old version with no HTML report
ShareThis
Posts
8 comments:
Great job, thanks for the work!
Great work!
This is going to make my life a little easier to say the least.
Any chance of it being modded again to add a few more features?
- Export to CSV
- Choose what columns to export
- Split report to files of x mb (Often have 1000's of hits to export from Unallocated)
I find this EnScript very useful too. However, I have a few comments after using it on some hits recently. It seems that if the hits appear in a html file, the tags within the file will mess up the layout of the HTML report.
Is it possible to have a separate EnScript to create the HTML page from the dmp files separately so that I can do some post-processing on the dmp files, e.g. remove all the HTML tags before creating the HTML summary? Or is there an easier way out?
Mike Ciaramitaro here, thanks Lance!! I spent 2 hours trying to figure out how to deliver the contents of my search results to a client and when I was ready to do it by hand, I found your EnScript. Now I can leave my house this weekend! Thanks.
Mike,
Great to hear from you! Send me an email at lance (at) forensickb.com to catch up.
Hello Lance,
As we discussed in Almere, please put in the ability to export the data also into a csv-file.
Kind regards,
Hans Heins
Hi Lance,
Does this script work with 6.14.0.159?
I am running it on this version with a 160 hits selected and it produces an HTML report with headings and nothing else.
Regards
Ian
Been searching for a way to do this and your EnScript saved the day. Thanks!!!!
I do have one question though. I used your EnScript to create an HTML report with 4,337 search hits. At various locations in the HTML report, the formatting (columns and such) get all caddywhompus and turn into actual HTML where the parsed bytes are being displayed as if it were being viewed in a web browser. Did that make sense?
As stated in a comment a few above, is there a version yet that exports in a csv format so I can sort the data and create a nice spreadsheet listing?
Again, thank you for your work.
Post a Comment