EnScript to Catagorize all files by their extension and then provide a count

Several months ago I did an EnScript to count up all the file extensions and then provide a summary of all the extensions and how many files with each extension. You can find that EnScript here.

This EnScript is similar but it makes a bookmark folder for every file extension and then bookmarks each file into the respective file extension folder for quick review.



The number next to the file extension is the number of files that match that extension. You could use this to quickly look at common file extension types or to identify what file extension types are prevalent on a specific system. Depending on how many files you have in your evidence, this may take several minutes to generate (~5 mins for 100,000 files).

Download Here

EnScript to Export files based on extension - Maintain Path and Timestamps

I recently released an EnScript that exports files based on extension, you can see the original post and EnScript here.

Based on a request from Timothy LaTulippe & Dave Kleiman. I have made two modifications. There is now a version that maintains the original timestamps of the exported files. The second version maintains the timestamps and the original export path.

You can download them here:
Export file based on extension & Maintain TimeStamps
Export file based on extension & Maintain TimeStamps & Original Path

EnScript to Export files based on Extension v1.1

A few days ago I posted a blog about a new EnScript I wrote based on a reader's suggestion here.

I have updated this EnScript based on a suggestion from Iain Kenny & Jerry Hatchett to add the feature to de-duplicate exported files based on the hash values. The initial screen now has a check box to perform de-duplication by hash values:



If you check this box, the EnScript will hash every file it exports and if any additional files match the hash values of previous files, the contents will not be exported. Instead, the duplicate file will be created, but the contents will contain the text "DUPLICATE" as well as the path of the ORIGINAL file with the same hash.



The log file "index.csv" will also indicate each file that is a duplicate and list the hash values for all the files.



Download v1.1 Here

EnScript to Export files by extension

A fellow examiner emailed me asking if I could write an EnScript that could be used to quickly export all the existing files in the evidence based just on their file extensions. This would typically be used for eDiscovery type cases.

Below is an EnScript that when run, will present a window asking for two pieces of information. The first is the export folder where you want the files exported to. The second is all the extensions you want to use as the criteria to export the files. You can copy and paste whatever extensions you wish, comma separated:



The EnScript will export all the files with matching extensions (case insensitive) to the folder you specify. A subfolder for each extension is made and the corresponding files are placed into their respective folders:



An index.csv file is made that contains a listing of every file that was exported along with its original path in the evidence and the exported filename. A unique number is appended to each exported file to ensure uniqueness and to avoid one file with the same name as another from overwriting it.




Download Here

Summary report of file types by extension

I received a request from a friend asking if there was an easy way in EnCase to summarize all the file extensions and the number of files for each extension (like in FTK). Sounded like a useful EnScript.. ;)

The following EnScript will create a list of all the file extensions as EnCase sees them and then counts the number of files in each extension group. The output is printed to the CONSOLE tab. In addition, a file is created in the default export folder named "File Count by extension.csv" that can be opened in Excel for sorting and additional formatting.

Download Here

** I have posted the readable .EnScript version of this script as a learning exercise since this EnScript is pretty simple, easy to follow along and a good one to learn from.