Comments on Computer Forensics, Malware Analysis & Digital Investigations: Maine State Police - Keyword Search & Export EnScr...

Many institutions limit access to their online inf...

2010-06-23T22:16:37.576-07:00

Many institutions limit access to their online information. Making this information available will be an asset to all.

Lance, This EnScript was tremendously useful to m...

2010-02-19T16:54:55.501-08:00

Lance,

This EnScript was tremendously useful to me this past week in examining a Limewire/CP case. Many, many thanks to you & Sgt. Lang!

I don't use EnCase, although I do follow Lance's b...

2009-05-24T15:02:58.387-07:00

I don't use EnCase, although I do follow Lance's blog, as it's universally helpful. However, in your case, perhaps formatting or the reinstallation of the OS skewed the cluster boundaries. Perhaps this is what you meant, but I'd try a byte level grep across the volume.

I use X-Ways Forensics to run the greps, directing my searches to begin at every 44032 bytes of free space. The only problem is that XWF can only search on about 750 of the grep strings at one time.

I attempted to use this EnScript on a P2P case whe...

2009-05-18T08:03:00.000-07:00

I attempted to use this EnScript on a P2P case where the suspect had approximately 120 known CP files during the controlled download stage, but had re-installed Windows XP the week prior to my hitting the house. I have his admission, I'm just lacking actual content at this point. I can see plenty of remnants in drive free space on the 100GB drive. I've tried running this EnScript twice without anything getting bookmarked.
I'm going to try just running the GREP keywords straight to see if that might be the issue.
Is the older movie parser EnScript demonstrated in the video still available to try?
Thanks,
Jeff Datzman
Vacaville PD
707-469-4741
JDatzman@cityofvacaville.com