Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Hacker Offender

This app is designed to discover files that are hidden by rootkits. It will place all detected files into a LEF for further analysis. This may include the malware and additional files deemed important by the attacker. It utilizes the EnCase Servlet to communicate with the OS of a live host through the EnScript API. It compares the filtered list with a full list discovered directly from the $MFT by EnCase. This is called Out-Of-Band processing. Name was derived from a very well-known rootkit called Hacker Defender, but will detect hidden files from any file system based rootkit.

This script was developed for use in EnCase training. For more details, please click the following link:

Download Now

Download Now


Version: 1.2
Tested with:
EnCase Forensic 7.09
Developer: James Habben
Category: Incident Response

14 Downloads in last 6 months