[Vol-users] searching registries

Glenn Edwards hiddenillusion at gmail.com
Tue May 15 19:51:02 CDT 2012


Create a list of the keys/values you want to search and supply them to the 'Printkey' plugin (http://code.google.com/p/volatility/wiki/CommandReference#printkey).

Additionally, depending on what you're searching against, you can use Autoruns and parse its contents, or if you want a GUI search, try Registry Decoder.

-- 
Glenn P. Edwards Jr.
GREM, GCFA, GCIH


On Tuesday, May 15, 2012 at 6:38 PM, Mike Lambert wrote:

> One thing we need to do is search the registries for the keys that autorun malware. 
>  
> Does anyone know of a free tool that will do that? I'm currently using Encase to do that but it is an expensive solution.
>  
> Harlan's RegRipper will dump some registry entries and sometimes it works, but it does not search.
>  
> Mike
>  
> 
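
The approach suggested in the reply above (a list of keys fed to printkey one at a time), as an added example that is not part of the original thread. The script name, the sample key list and the profile shown in the usage line are constructed placeholders; matching on the "could not be found" text assumes the installed Volatility 2 reports a missing key that way.

```sh
#!/bin/sh
# Added example (not from the thread): one printkey run per key in a list.
# Assumptions: Volatility 2 is installed as vol.py; the image path and profile
# passed on the command line are the analyst's own.
VOL=${VOL:-vol.py}

# Constructed sample list. Paths are relative to the root of each hive.
autorun_keys() {
  cat <<'EOF'
# SOFTWARE hive
Microsoft\Windows\CurrentVersion\Run
Microsoft\Windows\CurrentVersion\RunOnce
Microsoft\Windows NT\CurrentVersion\Winlogon
# NTUSER.DAT hives
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
EOF
}

# Drop comments and blank lines from a key list on stdin.
clean_keys() { grep -Ev '^[[:space:]]*(#|$)'; }

# Dry run: print the command that would be executed for each key.
printkey_cmds() {
  clean_keys | while IFS= read -r key; do
    printf '%s -f "%s" --profile=%s printkey -K "%s"\n' "$VOL" "$1" "$2" "$key"
  done
}

# Run printkey per key and show only the keys found in a loaded hive.
# Empty output or a "could not be found" message is treated as a miss.
search_keys() {
  clean_keys | while IFS= read -r key; do
    out=$($VOL -f "$1" --profile="$2" printkey -K "$key" 2>/dev/null </dev/null) || true
    case $out in
      ''|*'could not be found'*) printf '[-] no match: %s\n' "$key" ;;
      *) printf '[+] %s\n%s\n' "$key" "$out" ;;
    esac
  done
}

# Usage: sh search_autoruns.sh <memory image> <profile> [key list file]
if [ "$#" -ge 2 ]; then
  if [ -n "${3:-}" ]; then search_keys "$1" "$2" < "$3"
  else autorun_keys | search_keys "$1" "$2"; fi
fi
```

Run it as, for example, `sh search_autoruns.sh mem.raw WinXPSP3x86`, or pass a third argument naming a file with one key per line.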

