
analysis registry from HDD image !!

(@evilcode1)
Estimable Member
Joined: 10 years ago
Posts: 157
Topic starter  

Hello all …
Is there any way to analyze the registry from an image taken by FTK? How do we do that? I need open source tools, please!
Why I need this, I'll explain …
Someone tried to connect to my server via RDP and I want to know whether he did or not. I read a lot about RDP forensics; all the PDFs and posts talk about registry hives like

\Software\Microsoft\Terminal Server\Client\Default
The application stores the history of the clients private IP addresses the local computer connected to.

\Software\Microsoft\Terminal Server\Client\Servers

The service stores the username used for the connection and also the computer name of the client PC.

And some of the posts talk about the bitmap cache: http://www.forensicfocus.com/Forums/viewtopic/t=5174/

Is there any other place?


   
Igor_Michailov
(@igor_michailov)
Honorable Member
Joined: 20 years ago
Posts: 529
 

I need open source tools, please!

RegRipper


   
(@evilcode1)
Estimable Member
Joined: 10 years ago
Posts: 157
Topic starter  

I need open source tools, please!

RegRipper

Okay dear, thanks, I'll try it …


   
bytethese
(@bytethese)
Active Member
Joined: 11 years ago
Posts: 12
 

I'll second RegRipper, it works well. You can tailor the Perl parsers to your needs.


   