I'm excited to release version 0.3.05 of PTFinder to the public. This version fixes an endianess issue. It provides support for dumps that where obtained while under the effect of the Intel Physical Address Extension (PAE). Also there's a ready-to-run binary available for the Microsoft Windows platform.
Guidance Software's EnCase provides the forensic examiner with a powerful scripting language, called EnScript. Beside the vendor-operated fora there's not much information about EnScript circulating in the net. A blog by Lance Mueller fills some need here.
10/18/2011: Unfortunately Lance Mueller has decided to close his blog. The content will be accessible, though.
I have overhauled PoolFinder and the accompanying tools. The tools now use a SQLite data base instead of flat files for exachanging data. An experimental package now provides stand-alone versions of the tools, along with an embedded Perl interpreter.
