Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Known _met Search and Parse

This EnScript will search all tagged items for known.met record fragments from eMule 0.5. If these records are found it will parse the records and the output will be to a tab delimited file in the default case export folder for further analysis in Excel or other spreadsheet application.

This is designed to parse known .met records recovered from a search of tagged entries.  It was written based on the file tags used in the known.met from eMule version .50 MorphXT.  It is intended to be used to carve out known.met record fragments from unallocated or slack to 'Triage' eMule activity on the drive(s). Since Unallocated space or Slack space data can run into sector boundries or have data overwritten  the data reported may contain inaccurate information and must be confirmed by manual examination of the 'Hit' using the Hit File Name and Hit Offset information in the output file.  The output file will be located in the case Export Folder titled 'known_met Record Search Results.txt'. This file is in Tab Delimited format so that it can be opened with Excel or any other application that handles Tab Delimited files.

Download Now



Version: 1.0.0
Tested with:
EnCase Forensic 7.05
Developer: William Lynn
Category: Utility

7682 DOWNLOADS

YOU MAY ALSO LIKE

Utility

SQLite Blob Extractor

This script is designed to extract BLOB-data from SQLite database files.
By Simon Key
219 Downloads
App
Utility

View SQLite With WAL Plugin

Allows SQLite database files to be opened in conjunction with any write-ahead log (WAL) file.
By Simon Key
126 Downloads
App
Utility

Volatility Plugin

This EnScript is designed to facilitate easier use of Volatility in EnCase. It can be configured for any number of Volatility plugins and supports multithreading.
By Simon Key
91 Downloads
App
Utility

Registry Viewer Plugin

This script allows the examiner to to use a right-click context-menu-option or keyboard shortcut to view Registry hive files (SYSTEM, SOFTWARE, SECURITY, SAM, NTUSER,DAT, etc.).
By Simon Key
50 Downloads
App