T.5 EnScript Programming Syllabus
Day 1

Day one begins with a brief session addressing any questions generated as a result of reviewing the EnScript® Fundamentals material, which the students should have done prior to class. After that, tuition launches right into instruction on creating EnScript® applications to complete common case examination functions. The students will complete a practical exercise, allowing them to put to use the newly learned techniques.

The information covered on day one includes:
• Working with case data
• Understanding how to iterate open cases and the entries that they contain
• How to use the EnScript® language to identify highlighted data within the current case
• Working with file data
• Learning to read data associated with entries and records in the current case
• Reading string data
• Writing data to the local system
  » Opening files
  » Creating folders
  » Writing string data to files
• Bookmarking
• Creating bookmark folders
• Working with different bookmark types
  » Note bookmarks
  » Item bookmarks
  » Text bookmarks
  » Decode bookmarks
  » Data bookmarks
• Bookmarking XML Data

Day 2

Day two begins with a review of day one’s activities and then continues with instruction on how to interpret the results of the System Profile and Analysis module. Next the students will learn how to use the Sweep Enterprise function to capture volatile data from machines anywhere on the network. The network-enabled incident response will continue with Entropy Near-Match Analyzer to locate and identify like binaries on the network. The students will then learn how to use the remediation capabilities that are part of EnCase Cybersecurity, about incident-response techniques and considerations, and how to remediate identified malware.

The information covered on day two includes:
• Learning to create and use EnScript programs to instigate searching and bookmarking operations
• Working with compound files
• Mounting Microsoft Word docx files as collections of zipped XML streams
• Searching for XML values with a specific name and path
• Bookmarking XML data of note
• Working with logical evidence files
• Opening logical evidence files
• Understanding logical evidence file options
• Storing data in logical evidence files using a particular path

Day 3

Day three begins with instruction on examining Windows Registry data and continues with tuition on how EnScript programming can provide access to SQLite database content. During the final lesson of the day the students will learn how to create custom lists through EnScript programming. The day concludes with a practical exercise.

The information covered on day three includes:
• Examining Windows Registry data
• Accessing system-wide Registry hive files (SAM, Security, Software, System, etc.)
• Reading user-specific Registry data
• Finding Registry data given a specific name/path
• Working with SQLite database files
• Querying SQLite data
• Writing SQLite data to a tab-delimited spreadsheet
• Creating and bookmarking custom lists
• Understanding and inheriting NodeClass and NameListClass to create custom lists
• Creating custom HandlerClass objects to bookmark custom-list data

Day 4

Day four begins with instruction on how to create result sets, which allow the examiner to identify items of potential interest regardless of whether those items are records or entries. The final lesson of the course provides the students with an understanding of the purpose and use of dialog boxes within EnScript programming.

The information covered on day four includes:
• Creating result sets
• Building dialog boxes
• Understanding dialog-box basics
  » Multi-tabbed dialog boxes
  » Wizard dialog boxes
• Understanding virtual methods/functions
• Using different dialog controls
  » Buttons
  » String-edit controls
  » Path-edit controls
  » Enumerated-value edit controls
• Handling events
• Validating user-input

Guidance Software®, EnCase®, EnScript®, EnCE™, EnCEP™, Linked Review™, EnPoint™ and Tableau™ are trademarks owned by Guidance Software and may not be used without prior
written permission. All other trademarks and copyrights are the property of their respective owners.