Computer Forensics: RE: Registry Research

Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Computer Forensics Computer-Forensics

[Top] [All Lists]

RE: Registry Research

from [Harlan Carvey] Network Security

[Permanent Link]

Subject:	RE: Registry Research
Date:	Mon, 6 Feb 2006 04:08:14 -0800 (PST)

Andrew,

The good guys that wrote Windows Secret Explorer
(LastBit.cm) have included
the date that certain entries were created/added to
keys in the SAM at
least. You may find that bit useful as it can
indicate (clock problems
excepted) when an online form was completed/updated
or access to a login was made.


Thanks, but I've been retrieving the LastWrite times
from Registry keys for some time now.  I'm looking to
go beyond that.

Thanks,

Harlan

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Registry Research, keydet89 RE: Registry Research, Andrew Sheldon RE: Registry Research, Harlan Carvey <= Re: Registry Research, Harlan Carvey

Previous by Date:	Re: Identification of a Mail Server, willdamn
Next by Date:	RE: Cell phone forensic question, Greg Kelley
Previous by Thread:	RE: Registry Research, Andrew Sheldon
Next by Thread:	Re: Registry Research, Harlan Carvey
Indexes:	[Date] [Thread] [Top] [All Lists]