[Vol-users] searching registries
hiddenillusion at gmail.com
Tue May 15 19:51:02 CDT 2012
Create a list of the keys/values you want to search and supply them to the 'Printkey' plugin (http://code.google.com/p/volatility/wiki/CommandReference#printkey)
Additionally, depending on what you're searching against, you can use Autoruns and parse its contents, or if you want a GUI search, try Registry Decoder.
Glenn P. Edwards Jr.
GREM, GCFA, GCIH
On Tuesday, May 15, 2012 at 6:38 PM, Mike Lambert wrote:
> One thing we need to do is search the registries for the keys that autorun malware.
> Does anyone know of a free tool that will do that? I'm currently using EnCase to do that but it is an expensive solution.
> Harlan's RegRipper will dump some registry entries and sometimes it works, but it does not search.
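The approach suggested in the reply (a list of keys supplied to printkey one at a time), sketched as an added example that is not part of the original thread. It assumes Volatility 2.x invoked as `vol.py`, a caller-supplied image path and profile, a constructed starter list of autorun keys, and printkey's usual `Registry:` / `Key name:` / `REG_*` output layout.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: Volatility 2.x is invoked as "vol.py" (override with VOL=...);
# the image path and profile are placeholders supplied by the caller.
VOL="${VOL:-vol.py}"

# Autorun locations to check, one per line, relative to the hive root as
# printkey -K expects. Constructed starter list; extend it for your case.
autorun_keys() {
  cat <<'EOF'
Microsoft\Windows\CurrentVersion\Run
Microsoft\Windows\CurrentVersion\RunOnce
Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
EOF
}

# Keep only the hive, key, timestamp and value lines of printkey output.
# Assumes the "Registry:/Key name:/Last updated:/REG_*" layout.
summarize() {
  grep -E '^(Registry:|Key name:|Last updated:|REG_[A-Z_]+)' || true
}

# Run printkey once per key; printkey checks every hive it finds in memory.
# DRY_RUN=1 prints the commands instead of running them.
search_autoruns() {
  image="$1"; profile="$2"
  autorun_keys | while IFS= read -r key; do
    [ -n "$key" ] || continue
    if [ "${DRY_RUN:-0}" = 1 ]; then
      printf '%s -f %s --profile=%s printkey -K "%s"\n' \
        "$VOL" "$image" "$profile" "$key"
    else
      printf '### %s\n' "$key"
      "$VOL" -f "$image" --profile="$profile" printkey -K "$key" 2>/dev/null | summarize
    fi
  done
}

# Usage: ./autoruns.sh memory.img WinXPSP2x86
if [ "$#" -eq 2 ]; then
  search_autoruns "$1" "$2"
fi
```

Keys that do not exist in a given hive simply produce no value lines, so an empty section under a `###` header means nothing was found at that location.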