Wednesday, May 22, 2013

TeamViewer Log File | EnScript

You don't need any specialized software to parse the TeamViewer log file. It's just a text file; "notepad.exe" and human interpretation are enough to analyze it.

If you would like to know more about TeamViewer artifacts, here is the best link. Click here. It says more about understanding the log file and the data in the Registry hives.

If you are an EnCase user and you're not interested in exporting the log file the old way, you can use my EnScript, which is exactly a click away. Download Here

RegRipper Supporting Files | EnScript

This is how it starts: RegRipper is not a registry hive viewer.

Registry analysis with RegRipper was always good for me. Instead of waiting for the status bar to finish in EnCase, RegRipper does it fast; some forensicators use RegRipper for cross-checking purposes.

This is just like my previous post: this script exports the RegRipper supporting files, which can be useful for Clickers.

And here is the EnScript. Download Here.

After the export is over, you can use RegRipper to parse the data. Download Here

Tuesday, May 21, 2013

Volume Shadow Copies EnScript

It's been a long time since my previous post.

Today I was following #ceic @ Twitter for things happening around there. Something interesting got into , that's "Volume Shadow".

As most of us know, it is available on NTFS filesystems only. If you are interested in knowing the basics of Volume Shadow, click here.

LibShadow can be used to parse the Volume Shadow supporting files. You can download the beta version: click here

How to use LibShadow?

YouTube is the best player for most of us.

To get all the supporting files, I have written a small EnScript which can help you get a copy from the E01 or RAW from the EnCase software.

Download EnScript

A hash value is computed for each supporting file as an add-on forensic feature, hahahah...!