Saturday, December 20, 2008

MemScript

Just wanted to cross-post about a blog entry I recently posted on MANDIANT's blog site. I will not go into the details and will let you read it, but the topic is MemScript. MemScript is an EnScript that integrates EnCase, Memoryze and Audit Viewer. Check out the post here.

MemScript Blog at M-unition

It has been almost a year since my last post, but I hope to keep it more up to date if my work schedule allows for it. While out and about I noticed some bugs in my current EnScripts that I fixed. The first deals with the Prefetch Analysis EnScript. If the file executed did not have an extension of .exe, the bookmark for showing the location of the executable would be mangled. This bug is now fixed. You can get the updated version below.

Prefetch Folder Analysis

I am hoping to clean up some of the EnScripts I made for actual work use and get them out during the holidays. For convenience's sake I have also attached the MemScript to this post; get it below.

MemScript

1 comment:

S.S. said...

Just tried on memory dumps made live via EnCase Enterprise 6.11.2 and it worked like a champ with MemScript + Memoryze + Audit Viewer.

Thanks for sharing.

S.S.