Tuesday, August 15, 2017

EnCase v8 EnScript - Check hash values for tagged files to VirusTotal

This is an update to the original (v6 & v7) EnScript that checks the hash value(s) of tagged files against VirusTotal.

Tag any file(s) you want to check with "Check VT":


Run the EnScript and provide either a public or private API key:


The console will provide results, and all files with a score greater than zero are bookmarked along with the detected malware names.




Download Here

Monday, August 14, 2017

EnCase v8 EnScript - Check executables to VirusTotal


I have updated the EnScript to send hash values for all executables/DLLs to VirusTotal for analysis. This version works in EnCase v8 and the source code is included for customization.

You must provide either a public or private VirusTotal API key:



This EnScript will ignore duplicate hash values and only send unique values to VirusTotal. All hash values with a score greater than zero are bookmarked with their detection name:
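The de-duplicate, look up, and flag-if-score-above-zero flow described in both posts, as an added Python example; it is not the EnScript's source code. It assumes the report fields of the VirusTotal v2 file report (`response_code`, `positives`, `scans`); the function names, the offline `fake_lookup` stand-in and all sample data are hypothetical and constructed.

```python
import re

# MD5, SHA-1 or SHA-256 in hex; anything else is not worth a lookup.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")

def unique_hashes(files):
    """Group (path, hash) pairs by hash so each value is queried once."""
    by_hash = {}
    for path, digest in files:
        digest = (digest or "").strip().lower()
        if HASH_RE.match(digest):  # skip unhashed or malformed entries
            by_hash.setdefault(digest, []).append(path)
    return by_hash

def detections(report):
    """Return (score, names), or None when the service has no report."""
    if report.get("response_code") != 1:
        return None  # unknown to the service is not the same as clean
    names = sorted(f"{engine}: {scan['result']}"
                   for engine, scan in report.get("scans", {}).items()
                   if scan.get("detected"))
    return report.get("positives", 0), names

def triage(files, lookup):
    """Look up each unique hash; return hits with a score above zero."""
    hits = []
    for digest, paths in unique_hashes(files).items():
        result = detections(lookup(digest))
        if result and result[0] > 0:
            hits.append({"hash": digest, "score": result[0],
                         "names": result[1], "paths": paths})
    return hits

# Constructed sample data: hashes, paths, engines and names are made up.
FILES = [("Temp/a.exe", "A" * 32), ("Users/x/a_copy.exe", "a" * 32),
         ("Windows/b.dll", "b" * 32), ("Temp/c.exe", "c" * 32), ("Temp/e.exe", "")]
REPORTS = {
    "a" * 32: {"response_code": 1, "positives": 2, "total": 60, "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Sample"},
        "EngineB": {"detected": True, "result": "Generic.Sample"},
        "EngineC": {"detected": False, "result": None}}},
    "b" * 32: {"response_code": 1, "positives": 0, "total": 60, "scans": {}},
}
QUERIED = []  # records every lookup so the de-duplication is visible

def fake_lookup(digest):
    """Offline stand-in for the HTTP request that fetches a report."""
    QUERIED.append(digest)
    return REPORTS.get(digest, {"response_code": 0})
```

A hash with no report (`response_code` other than 1) is kept separate from a score of zero, since a file the service has never seen has not been judged clean.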


Tuesday, February 28, 2017

EnScripts Currently Offline - being moved

All the EnScripts are currently unavailable while I move them to a different storage location. Many of the old links will be broken; please just email me and I will provide an updated link and/or email it directly to you.

UPDATE:

EnScripts:
https://github.com/lancemueller/EnCase-EnScripts

Practical Evidence files:
https://www.dropbox.com/sh/q0w7fy25qyltalh/AAD_VbL27cpa2bKuCtKaCuhaa?dl=0
 

Computer Forensics, Malware Analysis & Digital Investigations
