Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Registry Research

from [Andrew Sheldon] Network Security [Permanent Link]
Subject: RE: Registry Research
Date: Mon, 6 Feb 2006 07:20:15 -0000 
The good guys that wrote Windows Secret Explorer (LastBit.cm) have included
the date that certain entries were created/added to keys in the SAM at
least. You may find that bit useful as it can indicate (clock problems
excepted) when an online form was completed/updated or access to a login was
made.


<disclaimer> I've not looked at it in detail though </disclaimer>

Andy

-----Original Message-----
From: keydet89@yahoo.com [mailto:keydet89@yahoo.com] 
Sent: 01 February 2006 19:15
To: forensics@securityfocus.com
Subject: Re: Registry Research

Tim,

Thanks.  I've got code that does that myself...written in Perl, it runs on
any platform that supports Perl...Windows, Linux, Mac, etc.

I'll clarify a bit...I'm not looking for tools to dump the contents of the
Registry, or view them.  I'm not looking so much for a list of keys, as I am
looking for folks who are doing research into forensic analysis of the
Registry, correlation of values/LastWrite times to data from other keys or
from within the file system, etc.

I hope that clears things up a bit.
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Cell phone forensic question, Greg Kelley
Next by Date:  RE: Identification of a Mail Server, Michael Gargiullo
Previous by Thread:  Re: Registry Research, keydet89
Next by Thread:  RE: Registry Research, Harlan Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]