[Vol-users] searching registries - Thank You All

Mike Lambert dragonforen at hotmail.com
Thu May 17 14:11:51 CDT 2012


David, Glenn, Jamie, Andrew and Mark,
 
Thank you all for your suggestions!! I have several options for people to open dead registries that do not have forensic tools.
 
Have a great day all!
 
Mike
 

> Date: Tue, 15 May 2012 21:48:50 -0500
> Subject: Re: [Vol-users] searching registries
> From: atcuno at gmail.com
> To: jamie.levy at gmail.com
> CC: dragonforen at hotmail.com; vol-users-bounces at volatilityfoundation.org; hiddenillusion at gmail.com; vol-users at volatilityfoundation.org
> 
> Registry Decoder will definitely do what you want. Just process the
> hives in it, and then you can do a search (either standard or with
> wildcards) and you can limit to just keys, names, or values, and you
> can also filter by last write time. You will immediately get tabs
> generated for all the hits, and then you can get them automatically
> reported into a number of formats. For more information, please see
> the instructions file in the downloads section of the website.
> 
> On Tue, May 15, 2012 at 9:23 PM, Jamie Levy <jamie.levy at gmail.com> wrote:
> > I think Registry Decoder would be useful for you:
> >
> > http://www.digitalforensicssolutions.com/registrydecoder/
> >
> >
> >
> > -----Original Message-----
> > From: Mike Lambert <dragonforen at hotmail.com>
> > Sender: vol-users-bounces at volatilityfoundation.org
> > Date: Tue, 15 May 2012 20:31:17
> > To: <hiddenillusion at gmail.com>
> > Cc: Volatility List<vol-users at volatilityfoundation.org>
> > Subject: RE: [Vol-users] searching registries
> >
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users at volatilityfoundation.org
> > http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
> >
 		 	   		  