Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Hacker Offender

This app is designed to discover files that are hidden by rootkits. It will place all detected files into a LEF for further analysis. This may include the malware and additional files deemed important by the attacker. It utilizes the EnCase Servlet to communicate with the OS of a live host through the EnScript API. It compares the filtered list with a full list discovered directly from the $MFT by EnCase. This is called Out-Of-Band processing. Name was derived from a very well-known rootkit called Hacker Defender, but will detect hidden files from any file system based rootkit.

Download Now



Version: 1.2
Tested with:
EnCase Forensic 7.09
Developer: James Habben
Category: Incident Response

8489 DOWNLOADS

YOU MAY ALSO LIKE

Incident Response

MemoryAnalysis

Process Windows, Linux, and OS X memory images and find running processes, parents, create dates, and more.
By Casimer Szyper
12183 Downloads
App
Incident Response

Volatility Reporting Plugin

Volatility 2.4 Standalone executable integration with EnCase for centralized reporting of memory forensic results through the use of bookmarks.
By John Lukach
8683 Downloads
App
Incident Response

VirusShare.com Hash Library

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts samples of malicious code.
By John Lukach
8365 Downloads
App
Incident Response

Team Cymru Malware Hash Registry Search

Review evidence files to assist in learning if any might correspond to malware.
By Jeffrey Savoy
8068 Downloads
App