More tools for digital forensics.
| File | Description |
|---|---|
| IE RecoveryStore Travel Log Spec | IE RecoveryStore & Travel Log Format Specification document |
| IE Travelog Parser | EnScript to extract data from Internet Explorer Travelog and RecoveryStore files. Read more about this artifact in my posts here and here. |
| Hex Decoder Enscript | GUI-based EnScript for decoding hex to ASCII. Read details here. |
| NTFS Forensics Presentation | Presentation on NTFS Forensics for the open security group "null" |
| Parse XP System Restore change logs - Enscript code | EnScript code for parsing XP System Restore change logs. This file is part of EnScript tutorial 1. |
| Add Folder, Drive or Volume Shadow Copy to LEF | EnScript (compiled in 6.19) that allows you to add any folder, drive or Volume Shadow Copy to an L01. Read the post here. |
| Prefetch Parser Enscript | EnScript (compiled in 6.19) that processes application run data from the Prefetch (.pf) files. Script updated for Windows 8 .pf files. Read the post here. |
| Amcache Parser Enscript | EnScript (compiled in 6.19) that processes application run data from the Amcache.hve file. Read the post here. |

 
 
 
 
 