Monday, August 14, 2017

EnCase v8 EnScript - Check executables to VirusTotal


I have updated the EnScript to send hash values for all executables/DLLs to VirusTotal for analysis. This version works in EnCase v8 and the source code is included for customization.

You must provide either a public or private VirusTotal API key:



This EnScript will ignore duplicate hash values and only send unique values to VirusTotal. All hash values with a score greater than zero are bookmarked with their detection name:
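The de-duplicate, look up and flag logic described above, sketched in Python as an added example; it is not the EnScript's source or the author's code. It assumes the VirusTotal v2 `file/report` response fields (`response_code`, `positives`, `total`, `scans`); the function names, sample paths, hashes and engine names are constructed for illustration.

```python
import json, time, urllib.parse, urllib.request
VT_URL = "https://www.virustotal.com/vtapi/v2/file/report"  # assumed: v2 API

def vt_report(h, api_key):  # live lookup; the offline demo does not call it
    qs = urllib.parse.urlencode({"apikey": api_key, "resource": h})
    with urllib.request.urlopen(VT_URL + "?" + qs, timeout=30) as resp:
        return json.load(resp)

def unique_hashes(entries):
    """Map each distinct hash (case-normalised) to the paths that carry it."""
    seen = {}
    for path, h in entries:
        seen.setdefault(h.strip().lower(), []).append(path)
    return seen

def detection_name(report):
    """Most common label among the engines that flagged the file."""
    names = [s["result"] for s in report.get("scans", {}).values()
             if s.get("detected") and s.get("result")]
    return max(sorted(set(names)), key=names.count) if names else "unknown"

def check(entries, lookup, delay=0.0):
    """Return (path, hash, positives, total, name) for each flagged file."""
    hits = []
    for i, (h, paths) in enumerate(unique_hashes(entries).items()):
        time.sleep(delay if i else 0)  # pace requests: public keys are rate limited
        report = lookup(h)
        if report.get("response_code") != 1 or report.get("positives", 0) <= 0:
            continue  # hash unknown to VirusTotal, or a score of zero
        name = detection_name(report)  # assumption: report every path with this hash
        hits += [(p, h, report["positives"], report["total"], name) for p in paths]
    return hits

# Constructed sample data: placeholder hashes, paths and engine names.
ENTRIES = [("Users/bob/update.exe", "A" * 32), ("Temp/update_copy.exe", "a" * 32),
           ("Windows/notepad.exe", "b" * 32), ("Tools/custom.dll", "c" * 32)]
REPORTS = {
    "a" * 32: {"response_code": 1, "positives": 2, "total": 3, "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Sample"},
        "EngineB": {"detected": True, "result": "Trojan.Sample"},
        "EngineC": {"detected": False, "result": None}}},
    "b" * 32: {"response_code": 1, "positives": 0, "total": 3, "scans": {}},
}

def demo():
    sent = []  # hashes actually submitted, to show the de-duplication
    def fake_lookup(h):
        sent.append(h)
        return REPORTS.get(h, {"response_code": 0})
    return check(ENTRIES, fake_lookup), sent
```

For a live run, pass `lambda h: vt_report(h, api_key)` as `lookup` and set `delay` to match the request quota of the key in use.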



Computer Forensics, Malware Analysis & Digital Investigations
