EnCase Forensic Version 6.11 User's Guide
EnScript Debugger
The EnScript debugger allows EnScript programmers to conduct runtime debugging of their
programs.
After you create a project for the target EnScript program, the Start Debugging functionality is
enabled:
Debugging disabled (no project for the currently selected EnScript program):
Debugging enabled (there is a project for the currently selected EnScript program).
When you click Start Debugging, the debugger starts and opens four new tabs in the View
Pane.
These tabs keep track of:
currently running threads
local variables (Locals) at the current breakpoint
library dependencies
breakpoint locations associated with the EnScript program
You can set breakpoints within your code. EnScript stops when it reaches a breakpoint during
runtime. Use the right‐click menu to set a breakpoint.
EnScript Analysis
If you prefer, you can set breakpoints by left‐clicking on the line number of the code.
Once you set a Breakpoint, the Start Debugging button runs the EnScript program, which will
stop at the Breakpoint. While stopped, you can analyze the runtime information in the new tabs
in the View Pane.
Help for EnScript Modules
The Case Processor, Sweep Enterprise, and Scan Local Machine screens contain a Help button or
Help section for each available module.
EnScript File Mounter
The File Mounter program catalogs the contents of selected compound files (for example, .zip
files). This produces a listing of the items in the compound file, not the actual file contents. The
program duplicates the structure of compound files into Log Record bookmarks.
You define the types of files to process and the criteria. You can select file types by file extension
or signature.
You can choose to mount them persistently (leaving them mounted after the conclusion of the
EnScript program) or non‐persistently. The non‐persistent option returns them to their
unmounted state when the EnScript File Mounter program completes. Other options include:
The ability to create a Logical Evidence File (LEF) that includes the contents of all mounted files
Creating a keyword search of the targeted files
All files having at least one keyword hit will be mounted persistently and their corresponding
search hits display in the Search Hits tab.
Certain Microsoft Office documents are considered compound files. You can parse their
metadata and search it. For example, you can locate and bookmark Microsoft Word document
metadata (edit times, page numbers, word counts, etc.). File Mounter bookmarks Authors as text
and Edit Times as dates.
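The cataloguing behaviour described in this section, sketched in Python as an added example (not EnScript and not the vendor's code): it selects a compound file by signature rather than by extension and lists its members from the ZIP directory without extracting any content. The helper names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile
from datetime import datetime

# Hypothetical helper names; these are not EnCase or EnScript APIs.
# Leading magic bytes of two compound formats.
SIGNATURES = {
    b"PK\x03\x04": "zip",                         # ZIP local file header
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # OLE2 compound file (legacy Office)
}
EXTENSIONS = {"zip": "zip", "doc": "ole2", "xls": "ole2"}


def identify(data, name="", by="signature"):
    """Classify a file by its leading signature or by its extension."""
    if by == "signature":
        for magic, kind in SIGNATURES.items():
            if data.startswith(magic):
                return kind
        return None
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return EXTENSIONS.get(ext)


def catalog_zip(data):
    """List members from the ZIP directory; no member content is decompressed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [{
            "path": info.filename,
            "is_dir": info.is_dir(),
            "size": info.file_size,
            "modified": datetime(*info.date_time),
        } for info in zf.infolist()]


def make_sample():
    """Constructed two-entry archive, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("docs/", (2008, 3, 1, 9, 0, 0)), "")
        zf.writestr(zipfile.ZipInfo("docs/report.txt", (2008, 3, 1, 9, 30, 0)), "A" * 1000)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample()
    # A renamed archive: extension matching misses it, signature matching does not.
    print(identify(sample, "holiday.jpg", by="extension"), identify(sample, "holiday.jpg"))
    for record in catalog_zip(sample):
        print(record)
```

Selecting by signature is what catches an archive that has been renamed with an unrelated extension; selecting by extension alone would skip it.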
Include EnScript
The Include folder contains common program code shared by other higher‐level EnScript
components. These scripts are not executed independently. They are meant to be used or
included in other scripts.
Right now, there are nearly 100 include files in this software. They are stored by default in
C:\Program Files\EnCase\EnCase\EnScript\Include. They can, however, be stored in
another folder within ...\EnScript\. An EnScript developer creating new include files to
work with a new EnScript component can create a new folder and place the new include programs
there.
Once the new folder is created, EnCase® applications must know of its location.
1. Click Tools > Options > EnScript to see the Options dialog.
2. Change the Include Path field entry to reflect the new include folder location.
Note: Add only the folder name, not the complete path.
EnScript Help
There are currently two sources of information about EnScript programs.
Help > EnScript Help
View > EnScript Types
EnScript Types
EnScript types reference resources containing the EnScript language classes. Perusing these
types provides information about EnCase classes and functions.
Click View > EnScript Types
The Tree pane contains a list of the classes. Selecting the Report panel of the Table pane displays
a read‐only description of the selected class.
Packages
Packages are a way to distribute EnScript programs without allowing others to view or modify
the code. This allows for centralized source control, and avoids unwanted code sharing.
Packages are built with the .enpack file extension and function to end users exactly as EnScript
programs. In addition to blocking the code from end users, you can also create license files
specific to license keys, protecting you from unwanted duplication. The license file extension is
.EnLicense.
Package Features
Features that support the packages include:
New Package dialog
Create License dialog
Use the New Package dialog to create, build and edit packages. When building or editing
packages, the name of this dialog changes, but the panels and settings remain the same.
Use the Create License dialog to create licenses for a package. The license is assigned the License
Name value on:
The Package panel of the New Package dialog
Edit dialog
The Build dialog.