Sunday, December 8, 2013

EnCase EnScript to show users in each security group

The included in EnCase Case Processor (v6) & Process Evidence (v7) EnScripts do an adequate job of enumerating all the users and listing their security group memberships, but the layout of the data is not very 'friendly' in that it requires you to look through the report and review each user and then keep a mental tally of what users are in which groups as you review the results. There is no summary listing all the groups and who is a member of each.

I wanted a quick way to see the local security groups (SAM) and the users within each group, rather than the other way around (the manner Case Processor & Process Evidence uses).

This EnScript is designed to process the blue-checked SAM file (regardless of path) and then provide a summary in the Console tab that is tab-delimited and can easily be copy & pasted to Excel (if needed) maintaining the fields.

Download here (EnCase v6)


Post a Comment

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles