Comments on Computer Forensics, Malware Analysis & Digital Investigations: EnScript to parse USNJRNL

Hi all, I can also discover a normal executable w...

2010-10-24T06:25:49.706-07:00

Hi all,

I can also discover a normal executable which parses also the USNJRNL File and dumps its contents to a log (for those who don't own EnCase)

Just post into this comments if you guys want a copy :-)

kind regards

Markus

Lance, Is there a way to parse fragments of the US...

2010-07-07T01:06:48.847-07:00

Lance,
Is there a way to parse fragments of the USNJRNL from unallocated clusters?

Regards Richard

Lance: I saw your post on the Win4n6 group. Thank...

2010-03-17T09:34:47.452-07:00

Lance:

I saw your post on the Win4n6 group. Thanks for doing this. I sincerely appreciate it.

Best regards, Phil

Output to CSV functionality added 03/17/10, v1.2

2010-03-17T09:06:45.327-07:00

Output to CSV functionality added 03/17/10, v1.2

Lance: I know this is a rather dated post, so I d...

2010-03-16T17:54:56.388-07:00

Lance:

I know this is a rather dated post, so I don't know if you're still monitoring it. But I recently came across the need for examining the USNJRNL file and used your EnScript to parse it--thank you very much for making this available by the way.

I was wondering, however, if it's possible to output the parsed text in a delimited format. Having the output in delimited format would allow one to open in a spreadsheet and sort by date, Reason code, etc. That would be very helpful, I would think.

Anyway, thanks again for making this available.

Best regards, Phil

Dang! I was looking for those structures myself fo...

2008-09-02T07:52:00.000-07:00

Dang! I was looking for those structures myself for a long time and put serious work into it and NOW THEY POST THE DATA!!!!!!!