Regripper RDPhint Last Write Time

General (Technical, Procedural, Software, Hardware etc.)

Last Post by theredmoose 9 years ago

1 Posts

1 Users

0 Likes

591 Views

RSS

theredmoose

(@theredmoose)

Posts: 17

Active Member

Topic starter

I have two questions about the RDPhint plugin from regripper.

1) Does it log failed login attempts?

I believe it only logs successful login attempts. I found this older forum post that states someone had tested it. http//www.computerforensicsworld.com/modules.php?name=Forums&file=viewtopic&t=2779

2) Do the last write times provide the time of the last successful RDP login or the first login?

In the forum post I found above one guy discusses that the time field that RDPHint grabs is the LAST WRITE time to the reg key.

If that is the case then when the first RDP connection is made to a system it writes to the reg key. When the second connection is made it already sees the regkey and therefore doesn't change the LAST WRITE time. However it will update the username creds used.

Has anyone else have any experience with RDPHint?

Thanks.

Posted : 26/11/2014 11:12 am

8 Forums
15.5 K Topics
92 K Posts
5 Online
40.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed