Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Endpoint Security Registry Value Extractor

This script is designed to extract Registry values from one or more result-LEFs created by EnCase Endpoint Security. It  will process all Lx01 and L01 evidence files in the folder specified by the user. Sub-folders will be processed as a matter of course.

An internal condition is used to identify the target Registry values. This allows multiple values to be targeted. It also allows GREP to be used for wildcard searching.

The condition must have at least one selected term. Also, the root value ("Registry Values") should not be included when testing the FullPath property.

Please note that the script only supports the following Registry value-types:

  • REG_SZ

The script's condition includes the following Registry path as an example:


Output is by way of a tab-delimited spreadsheet file. This will have a *.csv extension for compatibility with Microsoft Word.

Progress can be monitored via the console window.

This script was developed for use in EnCase training. For more details, please click the following link:

Download Now

Download Now


Version: 2.0
Tested with:
EnCase 23.4
Developer: Simon Key
Category: Utility

8 Downloads in last 6 months