[Vol-users] searching registries

Mark Kealiher mkealiher at gmail.com
Tue May 15 20:07:27 CDT 2012


Mike,

Have you tried any of the following?

YARU (Yet Another Registry Utility) -
http://www.tzworks.net/prototype_page.php?proto_id=3
Regdecoder - http://code.google.com/p/registrydecoder/
Autoruns -
http://computer-forensics.sans.org/blog/2010/06/28/autoruns-dead-forensics/

>
> Message: 1
> Date: Tue, 15 May 2012 17:38:58 -0500
> From: Mike Lambert <dragonforen at hotmail.com>
> Subject: [Vol-users] searching registries
> To: Volatility List <vol-users at volatilityfoundation.org>
> Message-ID: <SNT118-W5182DD5900ED6A56B23C3FAE1B0 at phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> One thing we need to do is search the registries for the keys that autorun
> malware.
>
> Does anyone know of a free tool that will do that?  I'm currently using
> Encase to do that but it is an expensive solution.
>
> Harlan's RegRipper will dump some registry entries and sometimes it works,
> but it does not search.
>
> Mike
>