Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Endpoint Investigator Network Utility Plugin

This plugin, which was previously called the Import Network Nodes Into EE Plugin, provides two utility functions for use with EnCase Endpoint Investigator.

Firstly, the plugin can import one or more network-nodes or IP-ranges from a nominated tab-delimited text-file in MS Windows format.

There should be one entry per line with the following fields -

  • Host-Name/Range-Name/IP-Address

  • Start-IP (range only)

  • Finish-IP (range only)

  • Comment

  • Port

The first field is compulsory; the remainder may be left blank.

The name field may take the form of a path delimited by ‘\’ characters; this will allow the imported network nodes to be organized into a tree-like structure.

Note that it may be necessary to simulate editing one of the nodes in the resultant network layout in order for the newly imported nodes to persist. Without taking this action, refreshing the network layout will result in the newly imported nodes disappearing.

Secondly, the plugin can blue-check network nodes matching a condition provided by the examiner.

Note that:

  • Using this function will, at the very least, deselect any existing blue-checked nodes.

  • Newly checked nodes may not be visible immediately - it’s usually necessary to remove any green check and then expand/contract the network tree first. Even then, it may necessary to shift the focus to another node before the blue-checks will become visible.

  • The Update button should not be clicked as this will remove any selection made by the script or the user.

  • The Name property of each network node is stored as a string, not an IP-address. This is to allow hostnames to be stored in that field. Accordingly IP-range checking is not possible.

  • The plugin will not perform dynamic IP-lookups to determine whether the hostnames of any nodes in the tree resolve to IP addresses specified in the filter.

Please note that this help-text has been formatted using Markdown, so certain characters may have been escaped by a backslash.

This script was developed for use in EnCase training. For more details, please click the following link:

Download Now

Download Now


FAQ

Version: 3.0
Tested with:
EnCase Endpoint Investigator 23.4
Developer: Simon Key
Category: Utility

0 Downloads
0 Downloads in last 6 months