Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

PE Examiner

This script will parse single or multiple selected .exe files and provide all information encoded into the PE (COFF) header such as compile date, characteristics, and entry points (RVA). You can also run this script on a memory dump or unallocated space and it will locate and parse found PE headers as well across the whole of the searched space. It provides the offset to the PE header found as well as all information encoded into header.

Download Now

Download Now


Version: 7.1.0
Tested with:
EnCase Forensic 7.06
Developer: Casimer Szyper
Category: Artifact

10 Downloads in last 6 months