Monday, August 14, 2017

EnCase v8 EnScript - Check executables to VirusTotal

I have updated the EnScript to send hash values for all executables/DLLs to VirusTotal for analysis. This version works in EnCase v8 and the source code is included for customization.

You must provide either a public or private VirusTotal API key.

This EnScript will ignore duplicate hash values and only send unique values to VirusTotal. All hash values with a score greater than zero are bookmarked with their detection name.
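
The logic described above (send each unique hash once, bookmark anything with a score above zero), written in Python as an added example; it is not the EnScript's source. The use of the VirusTotal API v2 file-report endpoint, the choice to bookmark every file that shares a flagged hash, and all sample paths, hashes and reports are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"  # API v2 (assumed)

def vt_lookup(file_hash, api_key):
    """Fetch the VirusTotal report for one hash (needs network and an API key)."""
    query = urllib.parse.urlencode({"apikey": api_key, "resource": file_hash})
    with urllib.request.urlopen(VT_REPORT_URL + "?" + query, timeout=30) as resp:
        return json.load(resp)

def detection_name(report):
    """Name from the first engine (alphabetical order) that flagged the file."""
    for engine, scan in sorted(report.get("scans", {}).items()):
        if scan.get("detected") and scan.get("result"):
            return f"{engine}: {scan['result']}"
    return "detected (no name returned)"

def check_hashes(entries, lookup):
    """entries: (path, hash) pairs; lookup: callable taking a hash, returning a report."""
    paths_by_hash = {}
    for path, file_hash in entries:  # group paths so each hash is sent only once
        paths_by_hash.setdefault(file_hash.lower(), []).append(path)
    bookmarks = []
    for file_hash, paths in paths_by_hash.items():
        report = lookup(file_hash) or {}
        # response_code != 1: hash unknown to VirusTotal; positives 0: no detections
        if report.get("response_code") != 1 or report.get("positives", 0) <= 0:
            continue
        label = f"{report['positives']}/{report['total']} {detection_name(report)}"
        bookmarks.extend((path, label) for path in paths)
    return len(paths_by_hash), bookmarks

# Constructed sample data: paths, hashes and reports are made up for this example.
SAMPLE_ENTRIES = [
    ("C:\\Windows\\System32\\a.dll", "AAAA0000000000000000000000000001"),
    ("C:\\Users\\x\\Temp\\b.exe", "bbbb0000000000000000000000000002"),
    ("C:\\Users\\x\\Desktop\\copy.exe", "BBBB0000000000000000000000000002"),
    ("C:\\Tools\\c.exe", "cccc0000000000000000000000000003"),
]
SAMPLE_REPORTS = {
    "aaaa0000000000000000000000000001": {"response_code": 1, "positives": 0, "total": 60, "scans": {}},
    "bbbb0000000000000000000000000002": {"response_code": 1, "positives": 2, "total": 60, "scans": {
        "EngineB": {"detected": False, "result": None}, "EngineA": {"detected": True, "result": "Trojan.Sample"}}},
}

if __name__ == "__main__":
    # Offline run against the constructed reports instead of the live API.
    print(check_hashes(SAMPLE_ENTRIES, SAMPLE_REPORTS.get))
```

For a live run, pass `lambda h: vt_lookup(h, api_key)` as `lookup`; VirusTotal rate-limits public keys, so the real lookup needs throttling between requests.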

