Extend the power of EnCase® with EnCase apps and tap into the expertise of our community of expert EnScript® developers. EnCase apps save you time and money in your investigations and will help you make your case—faster!

ShellBags Parser

This EnScript is designed to parse shellbag Registry data from NTUSER.DAT and
USRCLASS.DAT Registry hive-files. The script has been tested with data from Windows Vista, Windows 7 and Windows 8.1. The script does not support Windows XP.

App of the Month

VSS Examiner

This is a Volume Shadow-Copy Service (VSS) examination EnScript designed for EnCase V7 (a separate version for EnCase V6 is available from the GSI Support Portal). The examiner uses the script by first mounting a target disk/volume using the EnCase Physical Disk Emulator noting the volume(s) that have been mounted and then running the script.

ThreatGRID Malware Analysis
and Intelligence for EnCase

ThreatGRID Malware Analysis and
Intelligence for EnCase® provides direct integration with ThreatGRID, the first unified malware analysis and threat intelligence solution.

Partner of the Month

DS_Store Parser

Parse Apple .DS_Store files and find such information as the original path of items in the Mac OS X Trash folder.





VSS Examiner

Quickly and easily identify and preserve data of interest in Microsoft Windows volume shadow copies.





Copy Web Browser Files

A script to search for and copy/export web browser history and cache files to a folder for analysis using 3rd party tools.





Entry Bookmarker

This script will bookmark in groups all blue checked entries by evidence file, year, month, day, weekday, and session.


Low Hanging Fruit

Export unique hashes for all entries that are unknown to NIST.



Messenger Protocol Fragments

Search for MSN and MSN Live Messenger protocol fragments. In many cases, this app can retrieve important protocol data even when chat logging is disabled.

Windows Executable Packer Detection

Analyze Windows executables and detect modification by a packer or cryptor.