Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Hacker Offender

This app is designed to discover files that are hidden by rootkits. It will place all detected files into a LEF for further analysis. This may include the malware and additional files deemed important by the attacker. It utilizes the EnCase Servlet to communicate with the OS of a live host through the EnScript API. It compares the filtered list with a full list discovered directly from the $MFT by EnCase. This is called Out-Of-Band processing. Name was derived from a very well-known rootkit called Hacker Defender, but will detect hidden files from any file system based rootkit.

Download Now

Download Now


Version: 1.2
Tested with:
EnCase Forensic 7.09
Developer: James Habben
Category: Incident Response

55 Downloads in last 6 months