Forums
Main Category
General (Technical,...
Doubts about forens...
 
Notifications
Clear all

Doubts about forensic information

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jaclaz 11 years ago
13 Posts
7 Users
0 Reactions
987 Views
RSS
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
10/02/2015 1:25 am  

The SetRegTime tool can modify the LastWriteTime timestamp in the registry on mounted hives; http//code.google.com/p/mft2csv/wiki/SetRegTime

Very good ) , updated previous post.

From the given tool's page

My goal is to shed some light on the reality that registry timestamp manipulation is in fact very trivial. As a consequence it further reinforces the importance of proper (timeline) analysis, to get at the full picture and detect such attempts at timestamp modification.

jaclaz


   
ReplyQuote
 AshishSingh
(@ashishsingh)
Eminent Member
Joined: 11 years ago
Posts: 29
10/02/2015 10:28 am  

Hi,

• After logging on to a system, a temporary profile gets loaded that shows when an account was created. I guess that can prove to be helpful.

• To make significant changes to the registry keys, export your changes to a .reg file and follow them -

1. Click Start –> Run
2. Type regedit in the pop up box
3. Click File –> Export

Regards


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
10/02/2015 5:26 pm  

Hi,

• After logging on to a system, a temporary profile gets loaded that shows when an account was created. I guess that can prove to be helpful.

• To make significant changes to the registry keys, export your changes to a .reg file and follow them -

1. Click Start –> Run
2. Type regedit in the pop up box
3. Click File –> Export

Regards

Wow. 😯

Wouldn't these info be way too advanced to be posted on this thread? ?

jaclaz


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: