




Re: Utilities for determining OS, primary user [summary]

Subject: Re: Utilities for determining OS, primary user [summary]
Date: Fri, 15 Jul 2005 10:29:15 -0700

Thanks to all that responded!

I asked for suggested utilities for determining the "primary user(s)" on a large volume of Windows HDDs quickly. By primary user (for clarification, as some asked), they are looking for the person(s) who used the computer in day-to-day business operations. This will most likely be the name on the user account(s) on the computer, with some validation and checking.

Dave Kleiman, Gary Prouse, and Roger Padilla, Jr. all responded recommending the EnCase preview mode, 'Case Initialization' script, which apparently summarizes this information nicely. Also suggested was pulling the registry hive information (another EnCase script).

H. Carvey suggested that ProDiscover is Perl scriptable, and could be customized this way to meet the specific needs. James Washer also replied.

I'm thinking that EnCase will be the way to go. A few further questions did determine that it should not require a lengthy "indexing" process before this information can be gathered - it was estimated that the script would collect the data in about 5-7 minutes per drive, which fits my needs nicely.


--
Michael Edwards

