tag:blogger.com,1999:blog-1746946614390371171.comments2023-05-09T02:31:13.939-07:00Computer Forensics, Malware Analysis & Digital InvestigationsLance Muellerhttp://www.blogger.com/profile/15789264000499223230noreply@blogger.comBlogger793125tag:blogger.com,1999:blog-1746946614390371171.post-47890873114927711762017-07-24T19:23:38.479-07:002017-07-24T19:23:38.479-07:00https://github.com/lancemueller/EnCase-EnScripts/b...https://github.com/lancemueller/EnCase-EnScripts/blob/master/Computer%20Forensic%20lifecycle.pdfLance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-26867221927641373222017-07-24T11:39:28.859-07:002017-07-24T11:39:28.859-07:00Hi Lance,
Can you repost the forensic lifecycle d...Hi Lance,<br /><br />Can you repost the forensic lifecycle document ? It was from June 2013.<br /><br />Thanks in advance. jayhttps://www.blogger.com/profile/16367175797627363548noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-19867755818951257432017-06-03T10:07:49.237-07:002017-06-03T10:07:49.237-07:00http://www.forensickb.com/2017/02/enscripts-curren...http://www.forensickb.com/2017/02/enscripts-currently-offline-being-moved.htmlLance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-14240867044328034562017-06-03T03:55:54.327-07:002017-06-03T03:55:54.327-07:00The download link says page cannot be found.The download link says page cannot be found.Anonymoushttps://www.blogger.com/profile/11956993239920133331noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-52587826123949697112016-06-09T15:39:10.762-07:002016-06-09T15:39:10.762-07:00Which serial number? The physical hard drive seria...Which serial number? The physical hard drive serial number, the disk signature or a volume serial number?Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-25979672134834551212016-06-08T19:22:33.382-07:002016-06-08T19:22:33.382-07:00Sir,
Can you please help me in retrieving the ser...Sir,<br /><br />Can you please help me in retrieving the serial number of the parent Hard Disk from registry files retrieved from an image and a way to ascertain whether there is a change in the hard disk. Eswar-4n6https://www.blogger.com/profile/00500738063301169457noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-87892014353602928422016-02-03T10:32:03.394-08:002016-02-03T10:32:03.394-08:00Hi Lee,
Please contact me at the email list above...Hi Lee,<br /><br />Please contact me at the email list above-right so we can discuss and I can understand better exactly what you are trying to accomplish. Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-22060520223217615682016-02-03T09:52:31.610-08:002016-02-03T09:52:31.610-08:00Hi Lance, Thanks for the Enscript, I just used it ...Hi Lance, Thanks for the Enscript, I just used it and noticed that it does not look like the Enscript can export files located within a container i.e., Zips and Rars while maintaining the source folder structure. As you know, v6 was able to do this since it mounted containers as virtual folders and it looks this functionality is lost in v7 due to container contents saved in LEFs. Is there a way to modify the Enscript to account for files within these containers and still maintain original folder structure? Our organization is really looking for a solution for this in v7. Best - Lee S. Anonymoushttps://www.blogger.com/profile/00778998736040241696noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-20140272694947499972015-12-10T20:05:25.622-08:002015-12-10T20:05:25.622-08:00You should update your version of EnCase.You should update your version of EnCase.Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-85825707792985642072015-12-10T20:02:58.702-08:002015-12-10T20:02:58.702-08:00Hi there, I get an error on running this in Encase...Hi there, I get an error on running this in Encase v7.05<br />"NOPROXY" is an unknown identifier".Seanhttps://www.blogger.com/profile/02266925514803822113noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-50870413118144097872015-11-24T07:58:24.638-08:002015-11-24T07:58:24.638-08:00Hi Brain, email me directly and lets see what I ca...Hi Brain, email me directly and lets see what I can work up for you.<br /><br />lance (@) forensickb (dot) comLance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-15466928918235617612015-11-24T06:56:20.895-08:002015-11-24T06:56:20.895-08:00Hello Lance, Do you have a version of this script ...Hello Lance, Do you have a version of this script that works with unicode characters?Anonymoushttps://www.blogger.com/profile/14817413542248223550noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-79440146824330203252015-05-07T08:43:31.461-07:002015-05-07T08:43:31.461-07:00@AxisForensics - This is an EnCase v6 EnScript.@AxisForensics - This is an EnCase v6 EnScript.Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-79115424304966238632015-05-07T08:38:46.503-07:002015-05-07T08:38:46.503-07:00I am getting an error when using this Enscript in ...I am getting an error when using this Enscript in Encase 7. The error indicates that EntryRoot is not a member of CaseClass.AxisForensicshttps://www.blogger.com/profile/13011309685389667112noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-63328809062075347712015-05-07T07:17:23.416-07:002015-05-07T07:17:23.416-07:00I can see the EnScript being handy to get just the...I can see the EnScript being handy to get just the columns you want. For most cases, I prefer to use the "Save As" option directly above the "Column" option you highlighted. I can get everything there, filter by rows checked, and then manipulate the exported csv as needed after the fact (in Excel). Thanks Lance!Anonymoushttps://www.blogger.com/profile/00923403077647394062noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-67722839698590551042015-04-10T09:39:11.974-07:002015-04-10T09:39:11.974-07:00Sorry, I am not sure I understand what you are ask...Sorry, I am not sure I understand what you are asking?Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-86668401973174133162015-04-10T08:56:00.429-07:002015-04-10T08:56:00.429-07:00What filters does EnCase not support?What filters does EnCase not support?Suprman23https://www.blogger.com/profile/02525572766796915022noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-70996254468779222052015-03-31T13:36:18.922-07:002015-03-31T13:36:18.922-07:00Hi Brian,
Can you contact me at lance (at) forens...Hi Brian,<br /><br />Can you contact me at lance (at) forensickb (dot) com? <br /><br />LanceLance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-88672539235695082662015-03-31T08:43:52.471-07:002015-03-31T08:43:52.471-07:00This comment has been removed by the author.Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-21856844976092459642015-03-31T08:40:03.840-07:002015-03-31T08:40:03.840-07:00Hello Lance,
Can you direct me to Encase 6 versio...Hello Lance,<br /><br />Can you direct me to Encase 6 version of this script? Also, do you have or know of a script that takes a list of files and their full paths and tags them within the case?<br /><br />Thanks,<br />BrianAnonymoushttps://www.blogger.com/profile/14817413542248223550noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-7307642990249260402015-02-19T10:54:33.016-08:002015-02-19T10:54:33.016-08:00Camila - yes, but I would need to know the context...Camila - yes, but I would need to know the context of what you are trying to accomplish. contact me directly at lance (at) forensickb.comLance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-75748472105869599962015-02-19T10:52:40.307-08:002015-02-19T10:52:40.307-08:00Hello,
Is there a way to Write the "FirstChil...Hello,<br />Is there a way to Write the "FirstChild" or the "LastChild" in the Version 7 of the EnCase?<br /><br />thanksCamila Fagundeshttps://www.blogger.com/profile/10510771418835535533noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-50758759274631370422014-12-16T17:32:59.452-08:002014-12-16T17:32:59.452-08:00Check the EnScript help file. There is example cod...Check the EnScript help file. There is example code in there.Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-71880659778763147032014-12-16T17:20:44.804-08:002014-12-16T17:20:44.804-08:00I'm trying to figure out how to create an LEF ...I'm trying to figure out how to create an LEF with enscript, do you have any tutorials on how to do that?kalapakimhttps://www.blogger.com/profile/15443626227485265812noreply@blogger.comtag:blogger.com,1999:blog-1746946614390371171.post-35599659244495404402014-10-05T09:48:49.514-07:002014-10-05T09:48:49.514-07:00@braves - Not sure why you would want to export ha...@braves - Not sure why you would want to export hash values out of EnCase into a text file and then re-import them, since you can make a hash set natively inside EnCase, but if you are doing it for testing purposes, EnCase exports data in Unicode. Therefore, make sure the data you want to import via the EnScript is in ANSI.Lance Muellerhttps://www.blogger.com/profile/15789264000499223230noreply@blogger.com