Topic starter
Dear all,
I need something to keep the shell bags monitored. We need to analyze what happens in a USB.
Thanks all
Posted : 21/07/2016 1:58 pm
You should remotely acquire multiple registries and parse them with EnCase Enterprise or FTK software,
or Silent Runner may do this for you,
or you can set up a SIEM or full network packet capture infrastructure.
Posted : 21/07/2016 7:39 pm
Topic starter
OK, many thanks. What is SIEM?
Posted : 22/07/2016 9:21 pm
EnCase or FTK? They don't do anything special for shell bags.
ShellBags Explorer is by FAR the most capable software there is for looking at shell bag entries.
All you need is usrclass.dat or ntuser.dat (on older systems); load them into ShellBags Explorer.
Get it and a ton more here
Posted : 28/07/2016 5:21 pm