Obtain Service Pack/Patch information quickly in EnCase

In almost every forensic report that I write, I include the OS type, service pack level and patches that have been applied to the OS. This information sets the foundation as to what level of OS is installed and starts to give indications as to what is possible in terms of exploits against this machine.

This is a quick EnScript I wrote to extract this information from the registry and print to the console tab of EnCase so I could copy and paste all or a portion of it into a forensic report.

*note - this currently does not work on Vista

Download Here