This EnScript was developed to generate Digital Forensics XML from EnCase v6. It has only been tested with NTFS file system.
Copy the EnScript in your EnCase Folder (i.e: C:\Program Files\EnCase6\EnScript)
-
Create a new case and load your E01 image in EnCase.
-
Before generating the DFXML output, you need to set the time zone to UTC for the entire case with the "Case Time Settings" dialog.
First, go in the "home" tab and right click on your case. Then select the option "Modify time settings".
Then, unselect "Account for seasonal Daylight Saving Time" and select the UTC time zone.
-
Double click on the EnScript to run it.
-
Data will be exported in the EnCase export folder (i.e: Default is C:\Program Files\EnCase6\Export).
