If anyone ever needs such a beast, I just whipped up a converter for it.
It will take the registry report in HTML format, decode the search terms from hex to ASCII, and add the decoded term next to the original.
Some examples:
7A6F6F ==> zoo
70746863 ==> pthc
and so on.
If you have a case where you have a ton of search terms to decode, this can save you a ton of time.
Hit me up via email or PM if anyone is interested in it.
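As an added illustration of the conversion described in this post (not Eric's tool or its code), the following Python script walks the cells of an HTML report, decodes those that are clean even-length hex into printable ASCII, and writes the decoded term next to the original. The report layout and the sample rows are constructed for the example; a real FTK report's markup will differ.

```python
import html
import re

# Constructed sample resembling a registry report table (hypothetical layout).
SAMPLE_REPORT = """<table>
<tr><td>Search.History\\general</td><td>7A6F6F</td></tr>
<tr><td>Search.History\\general</td><td>70746863</td></tr>
<tr><td>Search.History\\general</td><td>ZZZZ</td></tr>
</table>"""

# Even-length run of hex digits only.
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")
# A table cell whose whole content is hex digits.
CELL_RE = re.compile(r"(<td>)([0-9A-Fa-f]+)(</td>)")


def decode_hex_term(token):
    """Return the ASCII decoding of an even-length hex string, or None when
    the token is not clean hex or does not decode to printable text."""
    if not HEX_RE.match(token):
        return None
    try:
        text = bytes.fromhex(token).decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def annotate_report(report_html):
    """Rewrite each hex-only cell as 'HEX (decoded)'; leave other cells as-is.
    The decoded term is HTML-escaped so it cannot break the report markup."""
    def repl(match):
        decoded = decode_hex_term(match.group(2))
        if decoded is None:
            return match.group(0)
        return f"{match.group(1)}{match.group(2)} ({html.escape(decoded)}){match.group(3)}"
    return CELL_RE.sub(repl, report_html)


if __name__ == "__main__":
    print(annotate_report(SAMPLE_REPORT))
```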
Not to take away from what you said.
I use Ares Decryptor from Frank Kolenbrander (carbonaria@gmail.com). Good guy, good program, so I try to get it out there as much as possible. It will decode the share*.dat files to show current and historically shared files. It decodes the registry as well.
Worth 60 bucks if you do Ares periodically.
I may be displaying ignorance here - but what the heck is Ares?
Cheers
It's a P2P app -
Thanks ntexaminer, have never come across it in my limited corporate internal work
Great work, Eric.
There's an "ares.pl" plugin for RegRipper, which does just that. The plugin was originally written in May 2011, and was updated shortly thereafter to collect additional info.
Thanks for your work.
This was more of a post-FTK report tool thingy vs. decoding artifacts like Frank's tool (which is sweet!).
An ICE agent contacted me about it as he was doing it by hand. Nerds don't like that, so I automated it =)
I figured RegRipper had a module. I had someone asking me the other day about processing hives for Ares stuff. There's the answer =) I will point him to RegRipper.
One of the big misconceptions about RegRipper is that it has everything, "out of the box". It was originally intended to be a community-based and -driven tool…if there's not something that you're seeing in the output, ask.