This script is designed to populate the SAM Users folder of the current case’s Secure Storage tab with an entry for each user and group account in the current Windows Active Directory domain.
Given that the script achieves this using LDAP, the examiner’s workstation must belong to the domain in question. It must also have network connectivity and the examiner must be logged into the workstation as an authenticated domain user. That said, there is no reason why the case cannot be transferred to an off-domain workstation once the account entries have been created.
As per the following article, the default LDAP policy prevents a domain controller from returning more than 1,000 results:
To overcome this, the script instructs the server to return the results as a sequence of one or more pages, each no more than 100 records in size. This can be increased to a maximum of 999 records per page. Alternatively, paging can be disabled by setting the page size to zero.
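The paging behaviour described above, as an added example that is not the script's own code: a simplified Python model of a paged search against a server that caps results at 1,000. The `ModelDomainController` class, the function names and the 2,350 sample accounts are constructed for illustration, and the cookie is modelled as a plain offset rather than the opaque value a real server returns.

```python
"""Simplified model of LDAP paged results; constructed data, no network access."""

SERVER_LIMIT = 1000  # default cap on results per search, as described above


class SizeLimitExceeded(Exception):
    """Raised when an unpaged search is truncated at the server cap."""
    def __init__(self, partial):
        super().__init__(f"size limit exceeded after {len(partial)} entries")
        self.partial = partial


class ModelDomainController:
    """Hypothetical stand-in for a domain controller holding matching entries."""
    def __init__(self, entries):
        self._entries = list(entries)

    def search(self, page_size=0, cookie=0):
        """Return (entries, next_cookie); next_cookie is None when finished."""
        if page_size == 0:  # no paging requested: one response, capped
            if len(self._entries) > SERVER_LIMIT:
                raise SizeLimitExceeded(self._entries[:SERVER_LIMIT])
            return self._entries, None
        size = min(page_size, SERVER_LIMIT)
        page = self._entries[cookie:cookie + size]
        nxt = cookie + size  # modelled cookie: offset of the next page
        return page, (nxt if nxt < len(self._entries) else None)


def fetch_accounts(dc, page_size=100):
    """Collect every entry, following the cookie until the server reports the end."""
    if not 0 <= page_size <= 999:
        raise ValueError("page size must be 0 (paging off) or 1-999")
    results, cookie = [], 0
    while cookie is not None:
        page, cookie = dc.search(page_size, cookie)
        results.extend(page)
    return results


def demo():
    # Constructed sample: 2,350 account names, more than one unpaged search returns.
    dc = ModelDomainController(f"user{i:04d}" for i in range(2350))
    paged = len(fetch_accounts(dc, page_size=100))
    try:
        fetch_accounts(dc, page_size=0)
        unpaged = None
    except SizeLimitExceeded as exc:
        unpaged = len(exc.partial)  # truncated result set
    return paged, unpaged
```

With paging disabled on a domain larger than the limit, the account list is silently incomplete unless the truncation error is checked, which matters when the entries are later relied on for SID resolution.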
The LDAP filter used by the script can be modified by the examiner so as to fine-tune the records that are returned. The default query is as follows:
(|(objectCategory=person)(objectCategory=group))
Changes to the default filter criteria are made at the examiner’s own risk - the script’s author makes no commitment to responding to queries in this regard.
Please note that the Secure Storage tab may need to be closed and re-opened to see the newly-created entries.
Feedback is provided via the console window.
This script was developed for use in EnCase training. For more details, please click the following link:
By default, this version uses a paged LDAP query to accommodate a larger number of Active Directory accounts.
Tested with EnCase 25.1.0.64.