Comments on Computer Forensics, Malware Analysis & Digital Investigations: EnScript to Export files by extension

Hello Lance, This is a very handy tool. We use it ...

2011-05-23T00:53:22.879-07:00

Hello Lance,
This is a very handy tool. We use it here in the Netherlands(Hague Police Force) to quickly extract files, we then put in a tool called Forensic Websearch. This tool gives a tactical investigator the possibility to search in digital evidence from a location outside our office.
Is it possible that we (like the collegue above) can obtain the source code from you, so we can make some (minor) modifications to suit our purposes?
If you don't want to provide the code, we fully understand that, and we appreciate all your efforts for making the live of a digital investigator a little easier....
With regards,
Frits van Beukering
frits@digitale-expertise.nl

Hi Lance, any possibility of getting the source co...

2010-02-18T07:32:43.469-08:00

Hi Lance, any possibility of getting the source code for the EnScript to Export files by extensions? I'd like to make some specific modifications to my version of your code, but cannot do that without the actual EnScript.

If you do not feel comfortable in provide the source code, I will understand completely.

Thank you for considering my request.
HD

i send the last post above. my e-mail:kocamaz.cane...

2009-07-10T00:17:44.469-07:00

i send the last post above. my e-mail:kocamaz.caner@gmail.com

Hi, i am examining a case, includes 40 harddisks i...

2009-07-08T06:42:00.541-07:00

Hi,
i am examining a case, includes 40 harddisks image files. i added all image files to one case. i need a script which do those followings
1-it will create a folder(folder name=image file name, exclude E01 extension) for every image files under Export Folder.
2-it will create subfolders( a some file extension named folder ) every created folders.
for example

folder name:image1
subfolders: doc, xls,avi,mpg

it will do same again every image files (image2,...image40).

3-it will copy doc extension files to doc subfolder, xls files to xls folder etc.

i tried do this but i couldnt solved completely. i edit a Encase built-in script below.

typedef String[] files;
class MainClass
{
void Main(CaseClass c)
{
EntryClass e;
files f{"doc","xls","pdf","txt","rtf"};
String outputPath;
LocalFileClass ofolder();

forall(DeviceClass dev in c.DeviceRoot())
{
Console.Write(dev.Name()+"\n");
outputPath=c.ExportFolder()+"\\"+dev.Name();
//Console.Write(outputPath.GetFilePath()+"\n");

for(int i=0;i(less-than)f.Count();i++)
{
if (LocalMachine.PathExists(outputPath.GetFilePath()+ "\\"+dev.Name()+"\\"+f[i]) == false)
{
LocalMachine.CreateFolder(outputPath.GetFilePath() +"\\"+dev.Name()+"\\"+f[i], ConnectionClass::CREATEFOLDERALL);
}

}
e=dev.GetRootEntry();
//Console.Write(e.Name()+"\n");
}

}

}//MainClass

** i couldnt copy files every subfolders. i am waiting your helps. Thanx.

Hey Lance, I find this to be a mighty useful scri...

2009-06-30T01:39:10.020-07:00

Hey Lance,

I find this to be a mighty useful script. In a typical e-discovery case what would be your methodology. You use this instead of a custom filter? The other questions would be:
1. Does it export the files with bad signatures or overwritten? (they still have the right extensions)
2. What is your approach towards carved files? You first run this script and only then (if necessary, requested) set-up the carving for specific filetypes and export them as search hits into a separate folder?

Thank you again for the script - I will check it as soon as I can.

Hey Lance, hope all is well....! Cool idea, thank...

2009-06-29T09:03:42.624-07:00

Hey Lance, hope all is well....! Cool idea, thanks for putting it together, and as always, thanks for sharing.