Right Click > Verify Image  

4144414D
(@4144414d)
Junior Member

Howdy all,

At work yesterday and we were trying to make our lives a little easier. We made a few quick registry changes to add a 'Right Click > Verify Image' option.

Only saves a few seconds, but it's the little things in life. Also only tested on Windows 7 Pro. Anyway on to the good stuff.

First download FTK imager CLI if you haven't already. Link

Next add the ftkimager.exe to your windows path. Guide if you're unsure

Finally make the following registry changes, or you can download the reg file here.


[HKEY_CLASSES_ROOT\.e01]
@="EnCaseEvidenceFile"

[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify]
@="Verify Image"

[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c echo \"%1\" & ftkimager.exe --verify \"%1\" &pause"

and the final result

think of all the seconds you'll save!

Adam.

Posted : 01/05/2015 2:13 pm
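
As an added example (not code from the thread's posters), the steps in the first post can be applied per user from PowerShell, checking that ftkimager.exe resolves on PATH and reusing any ProgID that already owns .e01 instead of overwriting it. The key names and the command string are the ones posted above; the helper name Set-DefaultValue is hypothetical.

```powershell
# Added example: per-user install of the "Verify Image" verb with two pre-checks.
$ErrorActionPreference = 'Stop'

$classes = 'HKCU:\Software\Classes'   # per-user keys, merged into HKEY_CLASSES_ROOT
$progId  = 'EnCaseEvidenceFile'       # ProgID from the post
# Command string from the post (the .reg escapes \" become plain quotes here).
$command = 'cmd /c echo "%1" & ftkimager.exe --verify "%1" &pause'

# Hypothetical helper: create the key if needed, then set its default value.
function Set-DefaultValue([string]$Key, [string]$Value) {
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -LiteralPath $Key -Name '(default)' -Value $Value
}

# Check 1: the verb is useless if ftkimager.exe does not resolve through PATH.
$exe = Get-Command ftkimager.exe -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $exe) { throw 'ftkimager.exe not found on PATH; add its folder to PATH first.' }

# Check 2: if .e01 already maps to a ProgID, attach the verb there and leave
# the existing association untouched.
$extView = 'Registry::HKEY_CLASSES_ROOT\.e01'
$owner = $null
if (Test-Path -LiteralPath $extView) { $owner = (Get-Item -LiteralPath $extView).GetValue('') }
if ($owner) { $progId = $owner } else { Set-DefaultValue "$classes\.e01" $progId }

$verbKey = "$classes\$progId\shell\Verify"
Set-DefaultValue $verbKey 'Verify Image'
Set-DefaultValue "$verbKey\command" $command

# Read the merged view back so the result is confirmed, not assumed.
$readBack = (Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell\Verify\command").GetValue('')
"ftkimager.exe : $($exe.Path)"
"ProgID        : $progId"
"Verify command: $readBack"
```

Only HKEY_CURRENT_USER is written, so the script runs without elevation in the analyst's own session.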
Chris_Ed
(@chris_ed)
Active Member

Super useful! Thank you for sharing.

Posted : 01/05/2015 2:57 pm
zoltandfw
(@zoltandfw)
Junior Member

That is a great idea. Thanks for sharing.

Along the same line, I use the right-click to set up case folder structure.

The registry entries below can be saved to a file called setup.reg and double clicked to install.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\SetupCase]
@="Setup New Case"

[HKEY_CLASSES_ROOT\Directory\shell\SetupCase\command]
@="\"C:\\Cases\\Scripts\\CaseSetup.bat\" \"%1\""

The C:\Cases\Scripts\CaseSetup.bat file content is a very simple for loop that creates basic directories for consistent folder setup. It makes it easier to start a case.

for %%i in ( Evidence Export Index Temp Report Backup Notes ) do mkdir %1\%%i

Note: After setup, right-click on the folder on the left pane in Windows Explorer to see the menu option. The directories will be created under that folder. Of course, you can customize the batch file and run any commands this way.

Posted : 02/05/2015 10:16 am
4144414D
(@4144414d)
Junior Member

Thanks guys, hope it helps. I have been playing around with it a little more. You can in fact use the normal FTK Imager.exe (i.e. not the CLUI version, but the full GUI version) and get the standard FTK Imager popup at the end.

Just replace

[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c echo \"%1\" & ftkimager.exe --verify \"%1\" &pause"

With

[HKEY_CURRENT_USER\Software\Classes\EnCaseEvidenceFile\shell\Verify\command]
@="cmd /c \"FTK Imager.exe\" /VerifyImage \"%1\""

That's another good idea zoltandfw!

Posted : 06/05/2015 11:35 pm