±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35742
New Yesterday: 3 Visitors: 105

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Right Click > Verify Image

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

4144414D
Member
 

Right Click > Verify Image

Post Posted: May 01, 15 13:13

Howdy all,

At work yesterday and we were trying to make our lives a little easier. We made a few quick registry changes to add a 'Right Click > Verify Image option'.

Only saves a few seconds, but it's the little things in life. Also only tested on Windows 7 Pro. Anyway on to the good stuff.


First download FTK imager CLI if you haven't already. Link

Next add the ftkimager.exe to your windows path. Guide if you're unsure

Finally make the following registry changes, or you can download the reg file here.

Code:
[HKEY_CLASSES_ROOT\.e01]
@="EnCaseEvidenceFile"
 
[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify]
@="Verify Image"
 
[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c echo \"%1\" & ftkimager.exe --verify \"%1\" &pause"

and the final result:




think of all the seconds you'll save!

Adam.  

Last edited by 4144414D on May 06, 15 22:42; edited 2 times in total
 
  

Chris_Ed
Senior Member
 

Re: Right Click > Verify Image

Post Posted: May 01, 15 13:57

Super useful! Thank you for sharing. Smile  
 
  

zoltandfw
Member
 

Re: Right Click > Verify Image

Post Posted: May 02, 15 09:16

That is a great idea. Thanks for sharing.

Along the same line, I use the right-click to setup case folder structure.

The registry entries below can be saved to a file called setup.reg and double clicked to install.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\SetupCase]
@="Setup New Case"

[HKEY_CLASSES_ROOT\Directory\shell\SetupCase\command]
@="\"C:\\Cases\\Scripts\\CaseSetup.bat\" \"%1\""


The C:\Cases\Scripts\CaseSetup.bat file contents is a very simple for loop that creates basic directories for consistent folder setup. It makes it easier to start a case.

for %%i in ( Evidence Export Index Temp Report Backup Notes ) do mkdir %1\%%i


Note: After setup, right-click on the folder on the left pane in Windows Explorer to see the menu option. The directories will be created under that folder. Of course, you can customize the batch file and run any commands this way.  
 
  

4144414D
Member
 

Re: Right Click > Verify Image

Post Posted: May 06, 15 22:35

Thanks guys, hope it helps. I have been playing around with it a little more. You can in fact use the normal FTK Imager.exe (I.E. not the CLUI version, but the full GUI version) and get the standard FTK imager popup at the end.


Just replace:
Code:
[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c echo \"%1\" & ftkimager.exe --verify \"%1\" &pause"

With:
Code:
[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c \"FTK Imager.exe\" /VerifyImage \"%1\""


That's another good idea zoltandfw!  
 

Page 1 of 1