EnCase v7 EnScript to create LEF based on condition
A reader recently asked if I could create an EnScript that would create a LEF based on a condition. Unfortunately, the reader wanted to use it with the free EnCase Imager program, which does not support creating LEFs or using the ConditionClass.
However, I did create an EnScript that can be used with EnCase Forensic/Enterprise, which will create a LEF based on condition criteria that you can define.
When run, the EnScript will ask for a location where to save the logical evidence file. The EnScript will initially assume the case default export folder unless set otherwise:
However, I did create an EnScript that can be used with EnCase Forensic/Enterprise, which will create a LEF based on condition criteria that you can define.
When run, the EnScript will ask for a location where to save the logical evidence file. The EnScript will initially assume the case default export folder unless set otherwise:
The EnScript will then go through all the devices/evidence files loaded in the case and apply a condition that you can define:
The EnScript will create a LEF containing all the files that match the criteria you define. A separate LEF is created for each device/evidence file:
ShareThis
Posts
0 comments:
Post a Comment