Magnet Forensics – Free Tool: IEF Logical Evidence File Creator for EnCase v7

by

Magnet Forensics has released the Internet Evidence Finder (IEF) Logical Evidence File Creator for EnCase v7. The IEF Logical Evidence File (LEF) Creator is an EnScript designed to create an LEF from a pre-existing IEF case folder. The goal of this EnScript is to allow an examiner who has run IEF separately from EnCase to later incorporate the findings into EnCase v7. Running this EnScript from EnCase v7 creates an LEF that is automatically added into EnCase.

Download the Tool
If you already use IEF you can download IEF Logical Evidence File (LEF) Creator for EnCase v7 directly from the Magnet Forensics website here.

This is the third EnScript released by Magnet Forensics that allows you to integrate IEF into your EnCase workflow. The first one was released in May 2013 and was designed as a stand-alone EnScript for EnCase v6 & v7. You can read the details here.

The second was a module specifically designed to be installed and used as part of the EnCase v7 “Process Evidence” option. You can read more about that EnScript here.

Using the Tool
Let’s assume I have a case where I have run IEF separately from EnCase and searched for Internet artifacts:


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Once IEF is completed, I will be presented with the IEF report viewer screen to review the found artifacts:

Let’s now assume there are some artifacts that IEF found that are relevant and I want to include them in my overall EnCase processing/searching/reporting. I can simply run the EnScript from EnCase v7 and it will ask me to point to the IEF case folder (the folder structure that IEF creates and places all the output files in):

Once I have navigated to and selected an existing IEF case folder, the EnScript will create an LEF in that same folder and then try to add it into the current case.

You can now process/review/search/bookmark any of the artifacts that IEF found when you ran it in a stand-alone mode, but have now incorporated the artifacts into EnCase via a logical evidence file.

As always, I appreciate the feedback, comments or questions.
You can reach me anytime at lance(at)magnetforensics(dot)com

Leave a Comment

Latest Articles

2025 MD-Series Q1 Release Note Highlights
News

2025 MD-Series Q1 Release Note Highlights

ByGMDSOFTApr 23, 2025
AI And eDiscovery: A New Era In Legal Technology
News

AI And eDiscovery: A New Era In Legal Technology

ByCellebriteApr 22, 2025
Forensic Focus Digest, April 18 2025
News

Forensic Focus Digest, April 18 2025

ByForensic FocusApr 18, 2025
S21 Global Alliance Database (S21 GAD): Revolutionising CSAM Investigations With Unmatched Global Intelligence
Articles

S21 Global Alliance Database (S21 GAD): Revolutionising CSAM Investigations With Unmatched Global Intelligence

BySemantics21Apr 17, 2025
Preventative Vs Reactive Approaches To Mental Health In Digital Forensics
ArticlesWell-being

Preventative Vs Reactive Approaches To Mental Health In Digital Forensics

ByForensic FocusApr 17, 2025
Navigating The Twists And Turns Of IP Theft Investigations
News

Navigating The Twists And Turns Of IP Theft Investigations

ByCellebriteApr 17, 2025