Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

$Filename Attribute Dates of tagged file(s)

This EnScript will display the (8) eight NTFS time-stamps associated with each tagged file/folder in EnCase. The EnScript looks specifically for the "review" tag and displays the four common time-stamps that are from the Standard Information Attribute (same ones EnCase shows in the table pane). In addition, the four time-stamps stored in the $FILENAME attribute are also displayed for comparison and to help determine if any time-stamp altering tools may have been used.

This EnScript will print out the four (Created, Accessed, Written, Entry Modified) date fields in the Filename Atttribute along with those in the Standard Information Attribute for the purpose of comparing them as an indication that a time-altering tool may have been used.

This EnScript processes any file that is tagged with the "Review" tag and prints the information in the Console tab:

nacl64.exe
Standard Info Attribute Filename Attribute
11/05/12 05:20:20PM 11/05/12 06:20:20PM
10/24/12 12:04:51AM 11/05/12 06:20:20PM
11/05/12 05:20:20PM 11/05/12 06:20:20PM
11/05/12 05:20:20PM 11/05/12 06:20:20PM

Download Now



Version: 1
Tested with:
EnCase Forensic 7.06
Developer: Lance Mueller
Category: Utility

1686 DOWNLOADS

YOU MAY ALSO LIKE

Utility

Copy Web Browser Files

A simple script used to identify all browser history cookie and cache files in a case and copy them out for further processing using 3rd party tools.
By Paul Eric Tew
2525 Downloads
App
Utility

Image Analyzer - 30 Day Free Trial

Free 30 day trial with unlimited image scans – download today and accelerate your investigation. Image Analyzer scans image files within entries and records to identify pornographic content.
By Image Analyzer
145 Downloads
App
Utility

C-TAK (Cyber-Threat Analytics Knowledgebase) Trial Version

C-TAK provides examiners with accurate identification of cyber threats that may directly impact investigations. The C-TAK trial includes Keylogger, Rootkit and Trojan datasets built in.
By WetStone Technologies Inc.
99 Downloads
App
Utility

EnParse - 30-Day Free Trial

30-day free trial of EnParse. Find what is in multiple evidence files at once without full export, prepare useful reports for clients.
By Manishaben Chovatiya
12 Downloads
App