Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Item Ancestor Resolution

This script allows the examiner to identify the ancestors of items listed in a given result-set.

This makes it possible, for example, to identify the e-mail that has a compound-file attachment containing files of interest. This will allow the e-mail to be bookmarked and/or extracted.

The script works by scanning the current case and determining the relationships between primary devices (typically evidence files) and the mounted volumes they contain.

This information is stored in a SQLite database, which is then used to construct a tree showing the path to each target item starting with the source-entry on the primary device.

The tree will be presented to the examiner so that he/she can choose the ancestors that should be added to the result-set that will be created by the script.

The path of each source-file on the primary device will be shown in the description column.

The examiner should be aware that the script may take some time to finish particularly if there are many items to process; also if there a large number of mounted volumes in the case.

Download Now



Version: 1.0.3
Tested with:
EnCase Forensic 8.05
Developer: Simon Key
Category: Utility

4768 DOWNLOADS

YOU MAY ALSO LIKE

Utility

SQLite Blob Extractor

This script is designed to extract BLOB-data from SQLite database files.
By Simon Key
219 Downloads
App
Utility

View SQLite With WAL Plugin

Allows SQLite database files to be opened in conjunction with any write-ahead log (WAL) file.
By Simon Key
126 Downloads
App
Utility

Volatility Plugin

This EnScript is designed to facilitate easier use of Volatility in EnCase. It can be configured for any number of Volatility plugins and supports multithreading.
By Simon Key
91 Downloads
App
Utility

Registry Viewer Plugin

This script allows the examiner to to use a right-click context-menu-option or keyboard shortcut to view Registry hive files (SYSTEM, SOFTWARE, SECURITY, SAM, NTUSER,DAT, etc.).
By Simon Key
50 Downloads
App