Hi!
I'm a new user here interested in computer forensics.
I have visited this great forum several times and I have a question.
I wondered if there is a free tool with a GUI that can
sort the date and time in the Windows registry for analysis.
To clarify my idea: when you export the Windows registry in txt mode,
date and time are associated with the keys, so is there a tool that can
sort the keys by date and time of use to make a timeline of the registry?
I'm afraid I'm not being clear!
Thx
R1
I wrote a Registry file parser (Perl script) this past summer, that would parse through a flat Registry file (in raw, binary mode…doesn't use the MS API) and print out the information, including the LastWrite time.
Modifying the output slightly, you could dump the output in comma- or semi-colon-delimited format, and open the resulting file in Excel. From there, you could easily sort on the date/time.
However, the tool is a Perl script, and doesn't have a GUI.
H. Carvey
"Windows Forensics and Incident Recovery"
http://windowsir.blogspot.com
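The approach described in the post above (read the hive file as raw bytes, pull each key's LastWrite time, write delimited output that a spreadsheet can sort), as an added Python example; it is not the Perl script mentioned in the thread. It assumes the standard regf layout (4 KiB base block, hbin bins, nk key cells); the function names and the two-key sample hive are constructed for illustration.

```python
import csv, io, struct
from datetime import datetime, timedelta, timezone
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME: 100 ns ticks since 1601

def nk_cells(hive):
    """Map cell offset -> (name, parent offset, LastWrite) for each allocated nk cell."""
    if hive[:4] != b"regf":
        raise ValueError("missing regf signature")
    keys, pos = {}, 0x1000                      # hive bins follow the 4 KiB base block
    while hive[pos:pos + 4] == b"hbin" and pos + 32 <= len(hive):
        bin_end = pos + struct.unpack_from("<I", hive, pos + 8)[0]
        cell = pos + 32                         # cells start after the 32-byte bin header
        while cell + 4 <= min(bin_end, len(hive)):
            size = struct.unpack_from("<i", hive, cell)[0]  # negative size = allocated
            if abs(size) < 8 or cell + abs(size) > len(hive):
                break                           # corrupt cell: stop walking this bin
            if size <= -0x50 and hive[cell + 4:cell + 6] == b"nk":
                flags, ft, _, parent = struct.unpack_from("<HQII", hive, cell + 6)
                n = struct.unpack_from("<H", hive, cell + 0x4C)[0]
                name = hive[cell + 0x50:cell + 0x50 + n].decode(
                    "latin-1" if flags & 0x20 else "utf-16-le", "replace")
                keys[cell - 0x1000] = (name, parent, EPOCH + timedelta(microseconds=ft // 10))
            cell += abs(size)
        pos = max(bin_end, pos + 0x1000)        # bins are 4 KiB multiples; never step back
    return keys

def timeline_csv(hive):
    """CSV text 'LastWrite (UTC),Key' with full key paths, oldest first."""
    keys, rows = nk_cells(hive), []
    for off, (name, parent, ts) in keys.items():
        path, seen = [name], {off}
        while parent in keys and parent not in seen:  # climb to the root, guarding loops
            seen.add(parent)
            path.insert(0, keys[parent][0])
            parent = keys[parent][1]
        rows.append((ts.strftime("%Y-%m-%d %H:%M:%S"), "\\".join(path)))
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows([("LastWrite (UTC)", "Key")] + sorted(rows))
    return out.getvalue()

def sample_hive():
    """Constructed two-key hive (not real evidence): ROOT and ROOT\\Run."""
    def nk(name, parent, ft):
        body = struct.pack("<2sHQII52xHH", b"nk", 0x20, ft, 0, parent, len(name), 0) + name.encode()
        body += bytes(-(len(body) + 4) % 8)     # cells are padded to a multiple of 8 bytes
        return struct.pack("<i", -(len(body) + 4)) + body
    cells = nk("ROOT", 0xFFFFFFFF, 132223104000000000) + nk("Run", 0x20, 127490112000000000)
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20) + cells
    return b"regf".ljust(0x1000, b"\0") + hbin.ljust(0x1000, b"\0")
```

Key names come from the evidence itself, so treat the resulting CSV as untrusted input when opening it in a spreadsheet.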
Hi,
Thanks for your reply.
That's a good idea you had to create this script.
Is it possible to use a copy of it?
I saw it while I read the previous posts about the registry,
but the link seems to be broken.
Thanks again
R1
R1,
Remember, I said that the script isn't a GUI…you'd specified that you wanted a GUI.
H. Carvey
"Windows Forensics and Incident Recovery"
windowsir.blogspot.com
Ok keydet89
Understood, no GUI in your tool,
but it might be transformed into Excel format to sort the date and time.
R1
psyckoo [at] hotmail . com
R1,
What's your email address?
H. Carvey
"Windows Forensics and Incident Recovery"
windowsir.blogspot.com
Harlan, I'd like to check out your script, too. Would you email a copy?
See you next Thursday at 1230. I'll be there…
djvnet@yahoo.com
Thanks,
Dan