Topic starter
21/07/2016 2:58 pm
Dear all,
I need something to keep the shell bags monitored. We need to analyze what happens in a USB.
Thanks all
21/07/2016 8:39 pm
You should remotely acquire multiple registries and parse them with EnCase Enterprise or FTK software,
or Silent Runner may do this for you,
or you can set up a SIEM or full network packet capture infrastructure.
Topic starter
22/07/2016 10:21 pm
OK, many thanks. What is SIEM?
28/07/2016 6:21 pm
EnCase or FTK? They don't do anything special for shell bags.
ShellBags Explorer is by FAR the most capable software there is for looking at shell bag entries.
All you need is usrclass.dat or ntuser.dat (on older systems) and load them into ShellBags Explorer.
Get it and a ton more here