analysis registry from HDD image !!


Post Posted: Tue Apr 25, 2017 4:30 pm

Hello all ...
Is there any way to analyze the registry from an image taken by FTK? How do we do that? I need open source tools, please!
Why I need this, I'll explain:
Someone tried to connect to my server via RDP and I want to know if he did this or not. I have read a lot about RDP forensics; all the PDFs and posts talk about registry hives like:


\Software\Microsoft\Terminal Server\Client\Default

The application stores the history of the clients private IP addresses the local computer connected to.

\Software\Microsoft\Terminal Server\Client\Servers

The service stores the username used for the connection and also the computer name of the client PC.

And some posts talk about the bitmap cache: www.forensicfocus.com/...ic/t=5174/

Is there any other place?

qassam22222
Senior Member
 
 
  

Re: analysis registry from HDD image !!

Post Posted: Tue Apr 25, 2017 5:28 pm

I need open source tools, please!

Regripper
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 

Igor_Michailov
Senior Member
 
 
  

Re: analysis registry from HDD image !!

Post Posted: Wed Apr 26, 2017 6:58 am

- Igor_Michailov
I need open source tools, please!

Regripper

Okay dear, thanks, I'll try it ...

qassam22222
Senior Member
 
 
  

Re: analysis registry from HDD image !!

Post Posted: Wed Apr 26, 2017 1:54 pm

I'll second Regripper, it works well. You can tailor the Perl parsers to your needs.

bytethese
Member
 
 
