EnScript to parse LNK files into Excel - sortable on timestamps
The EnCase "Case Processor" EnScript includes a Link File Parser module that work fine, but does not produce a very efficient report. For example, if you want to quickly see all the LNK files that refer to object on removable media, you have to read through all the entries to find one that may be on a removable device. Also, there is no way to sort the data by the timestamps contained in the LNK file to build a timeline.
I wrote this EnScript several months ago for a specific need I had back then, but never had a chance to post it.
This EnScript requires Microsoft Excel be installed and it will parse all the LNK files in the case (no need to select). The data will be sent to Excel and a spreadsheet will automatically open, displaying the data. You can then easily sort on any field and quickly see the properties of each Link file.
Download Here
I wrote this EnScript several months ago for a specific need I had back then, but never had a chance to post it.
This EnScript requires Microsoft Excel be installed and it will parse all the LNK files in the case (no need to select). The data will be sent to Excel and a spreadsheet will automatically open, displaying the data. You can then easily sort on any field and quickly see the properties of each Link file.
Download Here
ShareThis
Posts
11 comments:
Lance: Does this EnScript also pull deleted LNK files out of Unallocated? Or should the Link File Parse module in the Case Processor be run first to locate any LNK files in unallocated?
No, this processes logical files only. It does nothing to search or process data in unallocated.
Hi Lance, I have noticed that the output in excel seems to cap the report at 1500 rows. Is this intentional?
Hi Lance, I am getting the same result as Shane Bell does, the output in excel seems to cap the report at 1500 rows. Is this intentional?
@Chuw & Shane,
Yes, I apologize, there was some testing code I left in that limited it to 1500 records.
New version is posted.
http://www.lancemueller.com/blog/Parse%20Link%20Files%20to%20EXCEL%20Spreadsheet%20with%20UNIX%20dates%20for%20sorting.EnPack
Hi Lance,
Thanks for the update,
Just share some idea here, i find that better to include the Link File timstamps for better understanding on the particular link file details, instead of showing the Target File timestamps only.
Anyway, Thanks for sharing the great EnScript.
Lance,
I just ran the updated enscript against a case where I know I have 96 LNK files on a particular date. The Excel spreadsheet created by the enscript left out 50 of them. The spreadsheet has a total of 1,009 rows so the 1,500 record limit isn't the problem. Have you seen this before?
Thanks,
Richard
I can use Excel sheet to create an excel file , but how can I read an excel file?
how to find the list of installed programs ? any enscript
Check the included Case Processor EnScript
Post a Comment