Create Result Set Excluding Unwanted Items
This app creates a result-set from user-specified items excluding those items that match hash-items with a 'Known' category in the current hash-library. The script's built-in condition can be used to exclude additional items that have certain file-types, file-extensions, file-paths, file-names, etc. The examiner can opt to split the output into multiple result-sets that are grouped according to file-category or file-extension.
Resolving matching hash-items can take some-time. That said, having sorted or filtered entries by way of hash category prior to running this script will speed the process considerably. Note that this optimization applies only to EnCase V7.09 or later.
This script was developed for use in EnCase training. For more details, please click the following link:
Download Now