Endpoint Investigator Snapshot Scanner
This script is designed to validate the presence of EnCase Endpoint Investigator agents running on multiple endpoints.
The script does not persist a connection to each endpoint and returns only the agent-status and basic system/network-information. Accordingly, it is much faster than performing regular snapshots.
In order to use this script, the role chosen must have the Snapshot Scanner permission. Note that because the data contained in the resultant snapshots is limited, the script is not restricted by the network-permissions assigned to that role.
The script does not deduplicate IPs and hostnames automatically. The user must do so manually; otherwise, the script may scan endpoints more than once.
The IP-addresses in a range should be separated by a single '>' character.
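The target list can be de-duplicated before it is given to the script. The Python helper below is an added example, not part of the script or of EnCase; it assumes IPv4 addresses, one entry per line, and that single addresses, '>' ranges and hostnames may be mixed in one list. It goes beyond removing exact duplicates by also merging overlapping and adjacent ranges.

```python
import ipaddress

MAX_RANGE = 65536  # assumed safety cap for this helper, not a limit of the script

def expand(entry):
    """Turn 'a>b' (the '>' range syntax) or a single IPv4 address into a range of ints."""
    first, sep, last = (p.strip() for p in entry.partition(">"))
    if sep and not last:
        raise ValueError(f"range has no end address: {entry!r}")
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last)) if sep else lo
    if hi < lo or hi - lo >= MAX_RANGE:
        raise ValueError(f"reversed or oversized range: {entry!r}")
    return range(lo, hi + 1)

def dedupe_targets(lines):
    """Return unique targets: merged IP ranges first, then unique hostnames."""
    addrs, hosts = set(), {}
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        try:
            addrs.update(expand(entry))
        except ipaddress.AddressValueError:
            if ">" in entry:
                raise ValueError(f"range endpoints must be IPv4 addresses: {entry!r}")
            # Not an address: treat as a hostname. Names are compared without
            # regard to case or a trailing dot; the first spelling seen is kept.
            hosts.setdefault(entry.lower().rstrip("."), entry.rstrip("."))
    # Collapse the sorted addresses into runs of consecutive values.
    runs = []
    for n in sorted(addrs):
        if runs and n == runs[-1][1] + 1:
            runs[-1][1] = n
        else:
            runs.append([n, n])
    ip = ipaddress.IPv4Address
    out = [str(ip(lo)) if lo == hi else f"{ip(lo)}>{ip(hi)}" for lo, hi in runs]
    # A hostname and an IP that point at the same endpoint cannot be matched
    # here without name resolution, so such pairs still need a manual check.
    return out + sorted(hosts.values(), key=str.lower)

# Constructed sample list with overlapping ranges and repeated names.
SAMPLE = ["10.0.0.1>10.0.0.5", "10.0.0.4", "10.0.0.6", "WS-042", "ws-042",
          "10.0.1.9", "10.0.0.3>10.0.0.8", "fileserver.corp.example"]

if __name__ == "__main__":
    print("\n".join(dedupe_targets(SAMPLE)))
```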
Progress can be monitored using the console and status-bar. Output is by way of snapshots in the Bookmarks tab.
A snapshot will only be created if the scan-result is definitive, i.e., when a connection can be made or the network reports that the endpoint is unreachable. A snapshot won't be created in cases where the endpoint fails to respond.
For additional information, please see the following Twitter post:
This script was developed for use in EnCase training. For more details, please click the following link: