Just a thought…if you create a timeline of system activity, you'll very likely see what happened on the system around that time.
I should be noted that the job of software is to present data to the end user, which has the job of interpreting it. Without help, you're stuck googling.
A well written program would at least have a tooltip popup, explaining WTF CMF is. Only thing i found was that Cern has something called CMF (Computer Management Framework), but apart from that i cant make heads or tails of the acronym
I wrote a security scanner in 1998, for each vulnerability i wrote a short description of what it was and what the impact was. I did this on my home computer on a zero budget - why cant professional software companies do this?
I see this as bad UX.
Well, you actually asked for this wink
A well written program would at least have a tooltip popup, explaining WTF CMF is.
What is the meaning of the WTF acronym? 😯
jaclaz
A well written program would at least have a tooltip popup, explaining WTF CMF is.
[…]
I see this as bad UX.
In this case, it looks as if the only programs available are registry viewers of sorts. You can find the key, the value and the data a time stamp. While some kind of documentation would be desirable, it's not likely to be easy to find. This? Somewhere in the SDK or DDK or whatever xDK that are available now.
Any decent FA (Forensic Analyst) would recognize it as a DOS device something that will lure you into trying to find what the CMF is, why it is there and whatever semantics it has. The trick, of course, is to recognize it as one
Unknown registry key, unknown values and data.
and to come to the right conclusion about it
Unknown, useless for analysis, ignore, and proceed.
Actually, this is so often the correct approach that it should be taught in Computer Forensics 101.
A FR (Forensic Researcher) on the other hand may find it a starting point for research. But that's a different activity.
What Windows versions have this area of the registry? Introduced in Win7 or was it present earlier? Is it present on Server as well? Embedded? other versions of Windows?
'Grep' all binaries for the registry key – what .EXE or .DLL or whatever refers to this area of the registry, and what do they do?
Run some program that is said to produce SQM-related data (Microsoft Live Messenger, perhaps) and see if it produces any relevant changes?
Monitor the key and subkeys, and produce a list of changes over time. Do things happen spontaneously, or is user activity needed? Correlate with other activity. (While a timeline is useful for a FA, it's normally a post hoc activity, and many timestamps mask prior activity. An FR wants as much as data as possible.)
If you have basic kernel debugging skills and you can boot a suspect image in a virtual machine, you can place a breakpoint on a registry key and clearly see what program (a userspace one or even a driver) is using (changing, creating, deleting) the key and what code is doing that. This may sound like an overkill, but it works.
Well, you actually asked for this wink
A well written program would at least have a tooltip popup, explaining WTF CMF is.
What is the meaning of the WTF acronym? 😯
jaclaz
Off the top of my head
Write To File
What's This For?
Wire Transfer Form
Whisky Tango Foxtrot
Welcome To Finland
World Trade Fair
World Taekwondo Federation
Worse Than Failure
Wednesday Thursday Friday
Wireless Telecommunication Facility
Warcraft Text File
Wikileaks Task Force (aka the CIA - I don't think I need to explain that acronym 8) )
Oh and Water Table Fluctuation
Personally, my money is on World Taekwondo Federation! D
Ben