
agent for shellbags

4 Posts
3 Users
0 Likes
250 Views
 dega
(@dega)
Posts: 261
Reputable Member
Topic starter
 

Dear all,
I need something to keep the shell bags monitored. We need to analyze what happens on a USB.
Thanks all

 
Posted : 21/07/2016 1:58 pm
nightworker
(@nightworker)
Posts: 134
Estimable Member
 

You should remotely acquire multiple registries and parse them with EnCase Enterprise or FTK software.

Or Silent Runner may do this for you.

Or you can set up a SIEM or a full network packet capture infrastructure.

 
Posted : 21/07/2016 7:39 pm
 dega
(@dega)
Posts: 261
Reputable Member
Topic starter
 

OK, many thanks. What is SIEM?

 
Posted : 22/07/2016 9:21 pm
EricZimmerman
(@ericzimmerman)
Posts: 222
Estimable Member
 

EnCase or FTK? They don't do anything special for shell bags.

ShellBags Explorer is by FAR the most capable software there is for looking at shell bag entries.

All you need is usrclass.dat or ntuser.dat (on older systems); load them into ShellBags Explorer.

Get it and a ton more here:

https://binaryforay.blogspot.com/

 
Posted : 28/07/2016 5:21 pm