Pages

Friday, December 30, 2011

EnScript Resources

Every once in a while I get a query about EnScript programming, specifically if there are any books or online material available for it. So I have listed out a few good links to sites that have tutorials for EnScript that should get you started. Additionally keep watching this space and I will keep posting material (samples, tutorials) here too.

Resource 1: Lance Mueller’s now closed site (it’s still online but no more updates/comments will be posted)

Resource 2: My good friend Jon Stewart’s blog

Interestingly Lance is not a programmer and Jon on the other hand is a hardcore programmer. And I have had the pleasure of working with both these fine gentlemen for a number of years and they’ve done some excellent work with scripts.

There are some other people too that have posted EnScripts or Enpacks for free, these sites do not have any tutorials.

42 LLC's blog
Geoff Black's Forensic Gremlins
Takahiro Haruyama's blog - Most of the site is in Japanese but easy to follow
ForensicZone
Paul Bobby's blog

In addition, the guidance portal too has some publicly submitted scripts, but it is not an open forum.

If you are wondering what the heck EnScript is, it is a programming language with an API into Encase’s functionality; Encase is the most widely used commercial forensic tool and EnScript cannot be compiled or run without Encase.


2 comments:

  1. Hello,
    Can you guide me how to retrieve the hard disc manufacturer details like make model and serial number from the registry and other artifacts retrieved from the image of a hard disk.
    Thank You

    ReplyDelete
    Replies
    1. You could look under HKLM\System\ControlSet00X\Enum\ for details of all devices that windows has seen. You may not get ALL the details you are looking for, but you will get most of it. Hard disk serial number is usually not stored.

      Delete