Tuesday, August 15, 2017

EnCase v8 EnScript - Check hash values for tagged files to VirusTotal

This is an update to the original (v6 & v7) EnScript that checks the hash value(s) of tagged files against VirusTotal.

Tag any file(s) you want to check with "Check VT":


Run the EnScript and provide either a public or private API key:


The console shows the results, and every file with a score greater than zero is bookmarked along with the detected malware names.




Download Here

Monday, August 14, 2017

EnCase v8 EnScript - Check executables to VirusTotal


I have updated the EnScript to send hash values for all executables/DLLs to VirusTotal for analysis. This version works in EnCase v8 and the source code is included for customization.

You must provide either a public or private VirusTotal API key:



This EnScript will ignore duplicate hash values and only send unique values to VirusTotal. All hash values with a score greater than zero are bookmarked with their detection name:
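The same workflow (one lookup per unique hash, keep only scores above zero with their detection names) sketched in Python as an added example; it is not the EnScript's source or the author's code. It assumes the VirusTotal API v2 `file/report` response layout; the function names and all sample data are hypothetical and constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"  # VirusTotal API v2

def vt_lookup(api_key, file_hash):
    """Fetch the v2 file report for one hash (network call; unused by the sample run)."""
    query = urllib.parse.urlencode({"apikey": api_key, "resource": file_hash})
    with urllib.request.urlopen(f"{VT_REPORT_URL}?{query}", timeout=30) as resp:
        return json.load(resp)

def group_by_hash(entries):
    """Map each unique, case-normalised hash to every path that carries it."""
    groups = {}
    for path, file_hash in entries:
        groups.setdefault(file_hash.strip().lower(), []).append(path)
    return groups

def detections(report):
    """Return (score, detection names) from a v2-style report dict."""
    if report.get("response_code") != 1:  # hash not known to VirusTotal
        return 0, []
    names = sorted({s["result"] for s in report.get("scans", {}).values()
                    if s.get("detected") and s.get("result")})
    return report.get("positives", 0), names

def triage(entries, lookup):
    """Query each unique hash once; keep only results with a score above zero."""
    hits = []
    for file_hash, paths in group_by_hash(entries).items():
        score, names = detections(lookup(file_hash))
        if score > 0:
            hits.append({"hash": file_hash, "score": score, "names": names, "paths": paths})
    return hits

# Constructed sample data: paths, hashes, engines and names are made up.
SAMPLE_ENTRIES = [("a.dll", "A" * 32), ("copy_of_a.dll", "a" * 32),
                  ("b.exe", "b" * 32), ("c.exe", "c" * 32)]
SAMPLE_REPORTS = {
    "a" * 32: {"response_code": 1, "positives": 2, "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Sample"},
        "EngineB": {"detected": True, "result": "Generic.Test"},
        "EngineC": {"detected": False, "result": None}}},
    "b" * 32: {"response_code": 1, "positives": 0, "scans": {}},
    "c" * 32: {"response_code": 0},
}
if __name__ == "__main__":
    print(triage(SAMPLE_ENTRIES, SAMPLE_REPORTS.__getitem__))
```

To query the live service, pass `lambda h: vt_lookup(api_key, h)` as `lookup`. Only hash values leave the examiner's machine, never file content.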

