±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 3
Overall: 27614
Visitors: 49

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

LastWrite time in the registry

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2, 3  Next 
  

LastWrite time in the registry

Post Posted: Sun Aug 12, 2007 11:32 am

Is there any way to deactivate the LastWrite time value for the registry keys ?  

sirius_black
Newbie
 
 
  

Re: LastWrite time in the registry

Post Posted: Mon Aug 13, 2007 6:32 am

I have yet to find either a public API for modifying the LastWrite time on Registry keys, or a setting that prevents this from being set.

Harlan  

keydet89
Senior Member
 
 
  

Re: LastWrite time in the registry

Post Posted: Sat Aug 25, 2007 12:21 pm

- keydet89
I have yet to find either a public API for modifying the LastWrite time on Registry keys, or a setting that prevents this from being set.

Harlan

Harlan,
Just wondering what is the easiest method to get last write time of keys in the registry.. i am sure that one of the scripts on the DVD with your book should do the job but I am still awaiting my copy of the book :). Is there any other freeware tool available? Till now I use Windows Registry Analyzer from Mitec but that is a little cumbersome way of doing things. i am actually lookng at a tool which could parse the registry and produce the output in an aexcel sheet for easy viewing. Any pointers would be appreciated.
Thanks!  

cinux
Member
 
 
  

Re: LastWrite time in the registry

Post Posted: Sun Aug 26, 2007 5:02 am

> Is there any other freeware tool available?

To my knowledge, no.

> i am actually lookng at a tool which could parse the registry and produce
> the output in an aexcel sheet for easy viewing.

Sorry, can't help you there...I usually write tools that extract just the values I'm looking for.

Harlan  

keydet89
Senior Member
 
 
  

Re: LastWrite time in the registry

Post Posted: Thu Jul 01, 2010 3:43 am

Harlan,

I'd like to bring this thread to the top once again:

- keydet89
I have yet to find either a public API for modifying the LastWrite time on Registry keys, or a setting that prevents this from being set.


Have you, or anyone else, an update on this one? I was wondering whether or not malware would be able to tamper with the LastWrite Times.

Cheers,
Stefan.  

skelm
Newbie
 
 
  

Re: LastWrite time in the registry

Post Posted: Thu Jul 01, 2010 9:31 am

Check some of the stuff at the Anti-Forensics website.  

douglasbrush
Senior Member
 
 
  

Re: LastWrite time in the registry

Post Posted: Thu Jul 01, 2010 2:37 pm

- skelm
I was wondering whether or not malware would be able to tamper with the LastWrite Times.

Cheers,
Stefan.



Anything is possible when Administrator privileges are involved.  

MDCR
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 3
Go to page 1, 2, 3  Next