Security Basics mailing list archives

RE: Dynamicism Of Windows Registry

From: "Eric Cooper" <ecooper () ICWGROUP com>
Date: Thu, 22 Jun 2006 16:10:23 -0700

I don't think you'll ever be able to do something like what you're
talking about using the registry.  But check out RegMon from
sysinternals.  It's a great tool for monitoring your registry - it
should give you some insight as to how much activity is really going on
there.  The registry can be extremely dynamic, depending on system
configuration, installed applications, etc.

http://www.sysinternals.com/Utilities/Regmon.html

-Eric 

-----Original Message-----
From: Jason T. Hallahan [mailto:jthallah () gmail com] 
Sent: Wednesday, June 21, 2006 11:57 AM
To: security-basics () securityfocus com
Subject: Dynamicism Of Windows Registry

Hello and good day:

I have a question. Exactly how dynamic is the Windows Registry?
Specifically, if you were somehow able to monitor in real-time the
changes made to the registry of a system on your network (HW/SW
installation, Processes running, websites visited, etc.) would you be
able to thwart an attack by that system (user), or would it be too
little information, too late?

Thanks for your help.

Best regards,
Jason

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---

#####################################################################################
Warning: 

This email and any files transmitted with it are confidential and intended solely for the use of the individual or 
entity to which it is addressed. If you are not the named addressee any review, dissemination, distribution or 
duplication of this e-mail is strictly prohibited. If you have received this email in error, please let us know by 
e-mail and delete it from your system. Please note that any personal views or opinions presented in this email are 
solely those of the author and do not necessarily represent those of the company.

Thank You.
#####################################################################################

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Dynamicism Of Windows Registry Jason T. Hallahan (Jun 22)
- RE: Dynamicism Of Windows Registry Roger A. Grimes (Jun 23)
- Re: Dynamicism Of Windows Registry Colin Bean (Jun 23)
  - RE: Dynamicism Of Windows Registry Vijender Yadav (Jun 26)
- Re: Dynamicism Of Windows Registry Eugene Nine (Jun 23)
- Re: Dynamicism Of Windows Registry Philippe De Ryck (Jun 23)
- Re: Dynamicism Of Windows Registry Neil (Jun 23)
- <Possible follow-ups>
- RE: Dynamicism Of Windows Registry Eric Cooper (Jun 23)