Postmortem Autoruns Enumeration

General (Technical, Procedural, Software, Hardware etc.)

Last Post by keydet89 17 years ago

4 Posts

3 Users

0 Reactions

523 Views

RSS

Anonymous

(@Anonymous)

Joined: 1 second ago

Posts: 0

Topic starter 01/12/2009 8:05 pm [#4978]

I know RegRipper can do a live system. I know that ProDiscover has the ability (with its ProScript functionality) to do postmortem with perl. Does anyone have a perl script already written I can use with ProDiscover OR perhaps another tool that enumerates the autorun registry entries on a "dead" drive?

Quote

kovar

(@kovar)

Prominent Member

Joined: 19 years ago

Posts: 805

01/12/2009 11:48 pm

Greetings,

RegRipper works just fine on "dead" systems….

-David

ReplyQuote

Anonymous

(@Anonymous)

Joined: 1 second ago

Posts: 0

Topic starter 01/12/2009 11:52 pm

Thanks!

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 22 years ago

Posts: 3568

02/12/2009 12:02 am

I know RegRipper can do a live system. I know that ProDiscover has the ability (with its ProScript functionality) to do postmortem with perl. Does anyone have a perl script already written I can use with ProDiscover OR perhaps another tool that enumerates the autorun registry entries on a "dead" drive?

Not sure what you mean by "RegRipper can do a live system". Tthrough F-Response, sure…but not when run from a CD or thumb drive.

ReplyQuote