PE Examiner
This script parses one or more selected .exe files and reports the information encoded in the PE (COFF) header, such as compile date, characteristics, and entry points (RVA). You can also run it against a memory dump or unallocated space, where it locates and parses every PE header found across the searched space. It reports the offset of each PE header found, along with all the information encoded in that header.
Version: 7.1.0
Tested with: EnCase Forensic 7.06
Developer: Casimer Szyper
Category: Artifact
Downloads: 1124
Downloads in last 6 months: 4