Ares search term decoder for FTK registry report

Not to take away from what you said.

I use Ares Decryptor from Frank Kolenbrander (carbonaria@gmail.com). Good guy, good progam, so I try to get it out there as much as possible. It will decode the share*.dat files to show current and historically shared files. It decodes the registry as well.

Worth 60 bucks if you do Ares periodically.

I may be displaying ignorance here - but what the heck is Ares?

Cheers

I may be displaying ignorance here - but what the heck is Ares?

Cheers

It's a P2P app - http//aresgalaxy.sourceforge.net/.

Thanks ntexaminer, have never come across it in my limited corporate internal work

if anyone ever needs such a beast i just whipped up a converter for it.

Great work, Eric.

There's an "ares.pl" plugin for RegRipper, which does just that. The plugin was originally written in May, 2011, and was updated shortly there after to add collecting additional info.

Thanks for your work.

this was more of a post FTK report tool thingy vs decoding artifacts like Franks tool (which is sweet!)

an ice agent contacted me about it as he was doing it by hand. nerds dont like that so i automated it =)

i figured RegRipper had a module. i had someone asking me the other day about processing hives for ares stuff. theres the answer =) i will point him to RegRipper.

i figured RegRipper had a module. i had someone asking me the other day about processing hives for ares stuff. theres the answer =) i will point him to RegRipper.

One of the big misconceptions about RegRipper is that it has everything, "out of the box". It was originally intended to be a community-based and -driven tool…if there's not something that you're seeing in the output, ask.