Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Ares and Lime Pro Registry Report

APPS | Artifact

This script will find NTUSER.dat files and extract the subkeys [\Software\Ares] and [\Software\Lime Pro] into two bookmarks. It will also interpret a number of known values and decrypt some values that are encrypted.

Note that bookmarks will only be created for NTUSER.dat files that have at least one of the above Registry keys.

Research by Matt McFadden and James Habben. Originally written by James Habben.

This script was developed for use in EnCase training. For more details, please click the following link:

OpenText EnCase Training

Download Now

DISCUSSION BOARD

FAQ

Version: 2.0

Tested with:
EnCase Forensic 7.08

Developer: Simon Key

Category: Artifact

50 Downloads

4 Downloads in last 6 months