Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

PE Examiner

This script will parse single or multiple selected .exe files and provide all information encoded into the PE (COFF) header such as compile date, characteristics, and entry points (RVA). You can also run this script on a memory dump or unallocated space and it will locate and parse found PE headers as well across the whole of the searched space. It provides the offset to the PE header found as well as all information encoded into header.

Download Now



Version: 7.1.0
Tested with:
EnCase Forensic 7.06
Developer: Casimer Szyper
Category: Artifact

4147 DOWNLOADS

YOU MAY ALSO LIKE

Artifact

WebCacheV01.dat Internet History Decoder

This EnScript parses Internet history data from WebCacheV01.dat files. This includes the Internet history data generated by the Microsoft Internet Explorer and Edge web-browser programs.
By Simon Key
7449 Downloads
App
Artifact

ShellBags Parser

Parses recent-folder view settings maintained by the Microsoft Windows operating system.
By Simon Key
141 Downloads
App
Artifact

User Assist Registry Value Decoder

Decodes data used by the Microsoft Windows operating system to populate each user's start menu with frequently used applications.
By Simon Key
98 Downloads
App
Artifact

Windows Search Application Data Parser

This script parses data maintained by the Windows search function relating to recently-used applications and documents
By Simon Key
84 Downloads
App