Computer Forensics Computer-Forensics

Need for Registry references for forensic analysis

Subject: Need for Registry references for forensic analysis
Date: 26 Nov 2005 12:26:49 -0000
I'm curious as to what sort of information analysts and in particular LEOs are 
looking for in a Windows Registry reference.

Sticking to just 2K+ (including XP and 2K3), I'd like to know:

1.  What are LEOs and analysts looking for?  What format is easiest to use?  
Spreadsheet?  Database?

2.  What kinds of things do you want to know about the keys?  Where they come 
from?  How/when they're created/updated?

3.  Besides MS keys, what other applications are of interest?

4.  What references do you use already?  Are you maintaining a local list?  Do 
you access online references (if so, can you share the links/URLs)?  How 
credible are your references?

I think that there's a need for consolidation, testing/analysis (to verify and 
establish credibility), and a way to make it available to everyone who needs 
it.  Perhaps a way to do this would be to have a central location, maintained 
by one person (or a small group) with requirements for submissions and updates. 
 That way, the list could be available to all, with at least some assurance 
that a process is followed and updates aren't made lightly.

Thoughts?  Submissions?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
