Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

GigaTribe Download State Information Finder

This EnScript searches for bookmarks and decodes GigaTribe V3 download state information.

Use of the script would be beneficial when investigating a group of users who are using GigaTribe to share files of an illicit nature.

This data is to be found within a file with the same name of file being downloaded but with the added file-extension of '.downloading.state'.

The download-state information contains the GigaTribe URL of the file being dowloaded (including the user-name of the user sharing the file) the size of the file its last-written date the password needed to access the file (if a password was set at a parent folder level) the download state (paused or active) and the download-extent data (usually only present if the download is current and some data has already been downloaded).

The script also reads what appears to be a 4-byte checksum (hash)  which may sometimes be null. The algorithm used to create this hash is not known.

Progress may be monitored via the console.

The script produces a tab-delimited spreadsheet file as well as bookmarks.

Download Now



Version: 1.1.2
Tested with:
EnCase Forensic 8.07
Developer: Simon Key
Category: Artifact

6775 DOWNLOADS

YOU MAY ALSO LIKE

Artifact

WebCacheV01.dat Internet History Decoder

This EnScript parses Internet history data from WebCacheV01.dat files. This includes the Internet history data generated by the Microsoft Internet Explorer and Edge web-browser programs.
By Simon Key
7443 Downloads
App
Artifact

ShellBags Parser

Parses recent-folder view settings maintained by the Microsoft Windows operating system.
By Simon Key
139 Downloads
App
Artifact

User Assist Registry Value Decoder

Decodes data used by the Microsoft Windows operating system to populate each user's start menu with frequently used applications.
By Simon Key
98 Downloads
App
Artifact

Windows Search Application Data Parser

This script parses data maintained by the Windows search function relating to recently-used applications and documents
By Simon Key
84 Downloads
App