Notifications

Clear all

Postmortem Autoruns Enumeration

General (Technical, Procedural, Software, Hardware etc.)

Last Post by keydet89 16 years ago

4 Posts

3 Users

0 Reactions

373 Views

RSS

Anonymous

(@Anonymous)

Guest

Joined: 1 second ago

Posts: 0

Topic starter 01/12/2009 8:05 pm

I know RegRipper can do a live system. I know that ProDiscover has the ability (with its ProScript functionality) to do postmortem with perl. Does anyone have a perl script already written I can use with ProDiscover OR perhaps another tool that enumerates the autorun registry entries on a "dead" drive?

Quote

kovar

(@kovar)

Prominent Member

Joined: 18 years ago

Posts: 805

01/12/2009 11:48 pm

Greetings,

RegRipper works just fine on "dead" systems….

-David

ReplyQuote

Anonymous

(@Anonymous)

Guest

Joined: 1 second ago

Posts: 0

Topic starter 01/12/2009 11:52 pm

Thanks!

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

02/12/2009 12:02 am

I know RegRipper can do a live system. I know that ProDiscover has the ability (with its ProScript functionality) to do postmortem with perl. Does anyone have a perl script already written I can use with ProDiscover OR perhaps another tool that enumerates the autorun registry entries on a "dead" drive?

Not sure what you mean by "RegRipper can do a live system". Tthrough F-Response, sure…but not when run from a CD or thumb drive.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
217 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed