USB Device History

I have modified the USB device history EnScript a little to generate a error dialog box if you do not have a case open when trying to run the script and if you run the EnScript with multiple pieces of evidence, the output is now separated and a line at the top of each output indicates where the information was obtained.




Download Here V5 (.enscript)
Download Here V6 (.enpack)

Some damn funny forensic humor

A friend of mine who has a private forensic consulting firm received a phone call today from a guy who started rambling on talking all sorts of crazy talk. After hanging up on the guy, he proceeded to call back about 20 times and eventually left three voice mail messages.

The only editing I did was to remove his phone number from the recordings and part of his name to protect the innocent, guilty, mentally insane or heavily drugged..

Those of you in LE know these types of calls are pretty common to dispatch, etc. But these just struck me as "extra" funny!

Warning: There is some profanity in the messages. Also be sure and empty your bladder before listening.

Listen at your own risk:

Voice Message1
Voice Message2
Voice Message3

EnScript to export hashes from SearchPak .spak file

A reader contacted me about the possibility of exporting the hashes used by the SearchPak program made by ADFSolutions so they could be imported into EnCase, as he had several hundred thousand hashes in the SearchPak program. I asked for a sample of the file that contains the hash values in the SearchPak application and found they are stored in a XML type text file with a ".spak" extension.

I wrote a quick EnScript that parses the XML type .spak file and then exports all the hashes to a text file in the default export folder of EnCase. You can then use the EnScript I previously wrote here to read hashes from a text file and create a EnCase hash set.

Written for EnCase v6
Download Here