Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Windows Event Log Export

This EnScript searches for pre-vista event log files (*.evt) and checks if they are flagged dirty. If the files are determined to be dirty if the floating header is located by searching for the byte pattern 0x11111111 22222222 33333333 44444444 and the data from the floating header is written in place of the 'dirty' file header. The dirty flag is reset to 0x00 and the files are copied to the export folder given." If an event log file is determined to be not 'dirty' then the file is copied to the export directory as is.

Download Now



Version: 1.3
Tested with:
EnCase Forensic 7.05
Developer: James Habben
Category: Artifact

4826 DOWNLOADS

YOU MAY ALSO LIKE

Artifact

WebCacheV01.dat Internet History Decoder

This EnScript parses Internet history data from WebCacheV01.dat files. This includes the Internet history data generated by the Microsoft Internet Explorer and Edge web-browser programs.
By Simon Key
7449 Downloads
App
Artifact

ShellBags Parser

Parses recent-folder view settings maintained by the Microsoft Windows operating system.
By Simon Key
141 Downloads
App
Artifact

User Assist Registry Value Decoder

Decodes data used by the Microsoft Windows operating system to populate each user's start menu with frequently used applications.
By Simon Key
98 Downloads
App
Artifact

Windows Search Application Data Parser

This script parses data maintained by the Windows search function relating to recently-used applications and documents
By Simon Key
84 Downloads
App