Sunday, November 8, 2009

EnScript to display the number of search hits per file.

A reader asked if I could write an EnScript to calculate how many search hits were in each individual file, instead of the total number of search hits that EnCase displays.

Below is an EnScript that will calculate the number of unique files with each selected search hit, as well as how many hits in each file. To use, conduct your search, then select the search hits you want to include in the report and then run.





Once you run the EnScript, it will automatically open Microsoft Excel (required) and populate three columns, Search Expression+(unique count), Full Path, and hits per file.


5 comments:

Unknown Thursday, 12 November, 2009  

Nice, but do you differ between hits in files and file slack? I and a collegue worte such a "statistic" EnScript but only with console output.
Maybe we could combine it?
Marty

Lance Mueller Thursday, 12 November, 2009  

No, there is no differentiation between in the logical file or file slack. The original request from the reader was just for number of hits per file.

Unknown Wednesday, 18 November, 2009  

Did you get my email?

Fael Wednesday, 02 December, 2009  

instead of using keywords that will work with "GREP expressions" and thus save bookmarks in the way you presented?

Unknown Saturday, 12 December, 2009  

Does anyone have enscript which export number of keyword hits identified in User readable files i.e. DOC/XLS/PPT/PDF/TXT/ZIP etc

Post a Comment

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles