Registry Viewer Reports  

mrpumba
(@mrpumba)
Active Member

This is my dilemma. I am using Registry Viewer on an investigation. I have found a Key in a hive and I only want to add the one key. SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\COMDLG32\OPENSAVEPIDMRU\JPG……KEY 6
I use the Define Summary Report and select the one file and add it. When I select "preview report", there is only the one key…..GREAT! When I generate a report, it is nowhere to be found in the newly generated report.
I called FTK and they did not know how to add this one file to the report. Is anyone proficient with the reports in Registry Viewer?

Posted : 18/08/2011 1:47 am
keydet89
(@keydet89)
Community Legend

Why not just use RegRipper?

Posted : 18/08/2011 4:40 pm
miket065
(@miket065)
Active Member

Why not just use RegRipper?

Definitely! Plus you can easily copy the desired text from the RegRipper report into your final report.

In the alternative of that, grab a screen capture of the relevant key.

Posted : 18/08/2011 5:42 pm
mrpumba
(@mrpumba)
Active Member

Never heard of RegRipper but will look into it. Is it easy to use?

Posted : 19/08/2011 6:36 am
mrpumba
(@mrpumba)
Active Member

Are you guys using it for Criminal Forensics?

Posted : 19/08/2011 6:38 am
mrpumba
(@mrpumba)
Active Member

Miket065, when you do the screen capture, what are you doing with it or how are you entering that into the report?

Posted : 19/08/2011 6:40 am
miket065
(@miket065)
Active Member

Miket065, when you do the screen capture, what are you doing with it or how are you entering that into the report?

I use PrintKey 2000. It's free and I just insert the .jpg into my report.

http://www.webtree.ca/newlife/printkey_info.htm

Posted : 19/08/2011 6:50 am
miket065
(@miket065)
Active Member

Are you guys using it for Criminal Forensics?

Yes, criminal forensics.

Posted : 19/08/2011 6:51 am
mrpumba
(@mrpumba)
Active Member

Have you used PrintKey in Win7?

Posted : 19/08/2011 7:09 am
miket065
(@miket065)
Active Member

I have.

Posted : 19/08/2011 7:29 am
keydet89
(@keydet89)
Community Legend

Never heard of RegRipper but will look into it. Is it easy to use?

I guess that depends on what you mean by "easy". 😉 Seriously, though… RegRipper is easy if you understand what it does and how to use it. If you have expectations about how it works and what it does, and those expectations aren't in line with the tool design and construction, then no, it's not easy to use.

Posted : 19/08/2011 5:09 pm
billethridge
(@billethridge)
New Member

Tools can be easy to use, but that can be deceptive and even dangerous to your case. RegRipper is certainly easy to use in the sense that it is "easy" to set up and run, the old fill-in-the-blanks sort of thing. Where tools get dangerous is that they are so easy you don't spend the time and effort so that you can explain what they do and how they do it. I love RegRipper, but I ran over 40 test cases with it, and manually verified all the results so that I could explain on the stand just what the tool had done and how it worked before I used it in an actual case. RegRipper is worth that kind of commitment.

Posted : 19/08/2011 5:18 pm
douglasbrush
(@douglasbrush)
Senior Member

Easy to use - yes.

I use it in both civil and criminal matters.

Windows Registry Recovery from MiTeC can be used as well and is a good complement. Do get at least a familiarity with how the registry is composed - you want to make sure you don't just garbage in garbage out the results. One tool and one use of it makes not the forensicator.

Posted : 19/08/2011 6:22 pm