New user - Windows registry analysis
I'm a new user here, interested in computer forensics.
I have visited this great forum several times and I have a question.
I wondered if there is a free tool with a GUI that can
sort the dates and times in the Windows registry for analysis.
To clarify my idea: when you export the Windows registry in txt mode,
dates and times are associated with the keys, so is there a tool that can
sort the keys by date and time of use to make a timeline of the registry?
I'm afraid I'm not being clear!
I wrote a Registry file parser (Perl script) this past summer that would parse through a flat Registry file (in raw, binary mode; doesn't use the MS API) and print out the information, including the LastWrite time.
Modifying the output slightly, you could dump the output in comma- or semi-colon-delimited format, and open the resulting file in Excel. From there, you could easily sort on the date/time.
However, the tool is a Perl script, and doesn't have a GUI.
"Windows Forensics and Incident Recovery"
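The approach described in the reply above, as an added example in Python that is not the Perl script mentioned in the post: it reads a flat hive file in raw binary mode, collects each key's LastWrite time, and emits a sorted, delimited timeline that opens in Excel. The cell offsets follow the publicly documented regf layout; the function names and the sample hive bytes are constructed for this example.

```python
import csv, io, struct
from datetime import datetime, timedelta, timezone

BASE = 0x1000  # cell offsets are relative to the first hbin, at file offset 0x1000

def filetime_to_dt(ft):  # FILETIME = 100 ns ticks since 1601-01-01 UTC
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def read_nk(hive, off):  # key cell: flags +6, LastWrite +8, parent +0x14, name +0x50
    flags, ft, _, parent = struct.unpack_from("<HQII", hive, off + 6)
    (nlen,) = struct.unpack_from("<H", hive, off + 0x4C)
    raw = hive[off + 0x50:off + 0x50 + nlen]
    return flags, ft, parent, raw.decode("latin-1" if flags & 0x20 else "utf-16-le")

def key_timeline(hive):  # (LastWrite, key path) per allocated key cell, oldest first
    if hive[:4] != b"regf":
        raise ValueError("not a raw Registry hive")
    keys, pos = {}, BASE
    while hive[pos:pos + 4] == b"hbin":
        (bin_size,) = struct.unpack_from("<I", hive, pos + 8)
        cell, end = pos + 0x20, min(pos + bin_size, len(hive))
        # A size of 0 is zero padding: nothing more to read in this bin
        while cell + 0x50 <= end and (size := struct.unpack_from("<i", hive, cell)[0]):
            if size < 0 and hive[cell + 4:cell + 6] == b"nk":  # negative = allocated
                keys[cell - BASE] = read_nk(hive, cell)
            cell += abs(size)
        pos += max(bin_size, 0x20)
    def path(rel, depth=0):
        flags, _, parent, name = keys[rel]
        if flags & 0x04 or parent not in keys or depth > 256:  # 0x04 marks the root
            return name
        return path(parent, depth + 1) + "\\" + name
    return sorted((filetime_to_dt(k[1]), path(rel)) for rel, k in keys.items())

def to_csv(rows, delimiter=","):
    buf = io.StringIO()
    csv.writer(buf, delimiter=delimiter).writerows(
        [("LastWrite (UTC)", "Key")] + [(t.strftime("%Y-%m-%d %H:%M:%S"), p) for t, p in rows])
    return buf.getvalue()

def make_nk(name, unix, parent, flags=0x20):  # constructed 0x60-byte key cell
    body = b"nk" + struct.pack("<HQII", flags, (unix + 11644473600) * 10**7, 0, parent)
    body = body.ljust(0x48, b"\0") + struct.pack("<HH", len(name), 0) + name
    return struct.pack("<i", -0x60) + body.ljust(0x5C, b"\0")

# Constructed sample hive: header, one hbin, three keys (not from a real system)
SAMPLE = (b"regf".ljust(BASE, b"\0") + (b"hbin" + struct.pack("<II", 0, 0x1000)).ljust(0x20, b"\0")
          + make_nk(b"ROOT", 1104537600, 0, 0x24) + make_nk(b"Software", 1100000000, 0x20)
          + make_nk(b"Run", 1110000000, 0x80)).ljust(0x2000, b"\0")

if __name__ == "__main__":
    print(to_csv(key_timeline(SAMPLE), ";"))
```

Because it walks every cell in each hbin rather than following subkey lists, the timeline includes any allocated key cell, and a key whose parent cell is missing is listed by its own name only.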
Thanks for your reply.
That's a good idea you had to create this script.
Is it possible to use a copy of it?
I saw it while I read the previous posts about the registry,
but the link seems to be broken.
Understood, no GUI in your tool,
but it might be transformed into Excel format to sort the date and time.
psyckoo [at] hotmail . com