Howdy all,
At work yesterday we were trying to make our lives a little easier, so we made a few quick registry changes to add a 'Right Click > Verify Image' option.
Only saves a few seconds, but it's the little things in life. Also only tested on Windows 7 Pro. Anyway, on to the good stuff.
First, download FTK Imager CLI if you haven't already.
Next, add ftkimager.exe to your Windows PATH.
Finally, make the following registry changes, or you can download the reg file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.e01]
@="EnCaseEvidenceFile"

[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify]
@="Verify Image"

[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c echo \"%1\" & ftkimager.exe --verify \"%1\" &pause"
and the final result
think of all the seconds you'll save!
Adam.
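The registry changes from the post above applied from PowerShell, as an added example that is not part of the original post. The key names and the command string are copied from the post; the PATH check and the read-back are additions, and writing under HKEY_CLASSES_ROOT is assumed to need an elevated prompt.

```powershell
# Added example, not from the original post. Key names and the command string
# are copied from the .reg text above; the PATH check and read-back are additions.
$ErrorActionPreference = 'Stop'

# The menu command starts ftkimager.exe by bare name, so show which copy
# PATH resolves to before wiring it into the right-click menu.
$exe = Get-Command ftkimager.exe -CommandType Application -ErrorAction SilentlyContinue |
       Select-Object -First 1
if (-not $exe) { throw 'ftkimager.exe is not on PATH; add its folder first.' }
Write-Host "PATH resolves ftkimager.exe to: $($exe.Path)"

$verb = 'Registry::HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify'
$entries = @(
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.e01'; Value = 'EnCaseEvidenceFile' },
    @{ Key = $verb;                              Value = 'Verify Image' },
    @{ Key = "$verb\command"
       Value = 'cmd /c echo "%1" & ftkimager.exe --verify "%1" &pause' }
)

foreach ($e in $entries) {
    # Create the key only if it is missing, so existing values and subkeys survive.
    if (-not (Test-Path -LiteralPath $e.Key)) {
        New-Item -Path $e.Key -Force | Out-Null
    }
    # '(default)' addresses the key's unnamed value, the "@=" line in a .reg file.
    Set-ItemProperty -LiteralPath $e.Key -Name '(default)' -Value $e.Value

    # Read the value back so a failed or redirected write does not go unnoticed.
    $actual = (Get-ItemProperty -LiteralPath $e.Key).'(default)'
    if ($actual -ne $e.Value) { throw "Read-back mismatch at $($e.Key)" }
    Write-Host "OK  $($e.Key)"
}
```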
Super useful! Thank you for sharing.
That is a great idea. Thanks for sharing.
Along the same lines, I use the right-click to set up the case folder structure.
The registry entries below can be saved to a file called setup.reg and double-clicked to install.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\SetupCase]
@="Setup New Case"

[HKEY_CLASSES_ROOT\Directory\shell\SetupCase\command]
@="\"C:\\Cases\\Scripts\\CaseSetup.bat\" \"%1\""

The contents of the C:\Cases\Scripts\CaseSetup.bat file is a very simple for loop that creates basic directories for consistent folder setup. It makes it easier to start a case.
for %%i in ( Evidence Export Index Temp Report Backup Notes ) do mkdir "%~1\%%i"
Note: After setup, right-click on the folder in the left pane in Windows Explorer to see the menu option. The directories will be created under that folder. Of course, you can customize the batch file and run any commands this way.
Thanks guys, hope it helps. I have been playing around with it a little more. You can in fact use the normal FTK Imager.exe (i.e. not the CLI version, but the full GUI version) and get the standard FTK Imager popup at the end.
Just replace
[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c echo \"%1\" & ftkimager.exe --verify \"%1\" &pause"
with
[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c \"FTK Imager.exe\" /VerifyImage \"%1\""
That's another good idea zoltandfw!