Honeypots mailing list archives
Windows IR/Forensics
From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 1 Nov 2004 07:15:54 -0800 (PST)
All,

I've released updates to the Forensic Server Project (http://www.windows-ir.com/fsp.html).

I've released a standalone EXE of the FSP server component, making it much easier to use. This is a slight update, in that it does not have a GUI dialog interface as shown in my book. The tool, fspc.exe, is a CLI-based tool, but is fairly easy to use.

In addition, I've significantly updated the First Responder Utility (FRU), as well as released it as a standalone EXE. The tool, fruc.exe, is also CLI-based, and uses an ini file to control the external tools that are run, as well as which Registry keys/values are retrieved. I have several tools in the works that I'll be releasing for use with fruc.exe. Admins will also be able to use these tools for remote data collection, if so desired.

The Registry key and value sections of the ini file/fruc.exe tool allow the tool to dump either specific Registry values or the contents of a Registry key (one level down only, no subkeys). An added benefit is that the output includes the LastWrite time of the key.

Thanks,

Harlan

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. Bring me your finest meats and cheeses."
------------------------------------------
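The key dump described in the message (values of a single key, no subkeys, plus the key's LastWrite time) can be sketched with Python's standard winreg module. This is an added example, not code from fruc.exe or the Forensic Server Project; the Run key path, the function names, the report layout and the sample record are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

try:
    import winreg  # standard library, present on Windows only
except ImportError:
    winreg = None  # lets the formatting code run on other platforms

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def dump_key(hive, path):
    """Return one key's LastWrite time and values; subkeys are not walked."""
    with winreg.OpenKey(hive, path) as key:
        _subkeys, value_count, last_write = winreg.QueryInfoKey(key)
        values = {}
        for index in range(value_count):
            name, data, _type = winreg.EnumValue(key, index)
            values[name or "(Default)"] = data
    return {"key": path, "last_write": filetime_to_utc(last_write),
            "values": values}


def format_report(record):
    """Render a record as text, LastWrite time first (assumed layout)."""
    stamp = record["last_write"].strftime("%Y-%m-%d %H:%M:%S UTC")
    lines = ["%s  LastWrite: %s" % (record["key"], stamp)]
    for name, data in sorted(record["values"].items()):
        lines.append("  %s = %s" % (name, data))
    return "\n".join(lines)


# Constructed sample record, used when no live Registry is available.
SAMPLE = {
    "key": r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "last_write": datetime(2004, 11, 1, 15, 15, 54, tzinfo=timezone.utc),
    "values": {"ExampleApp": r"C:\Tools\example.exe"},
}

if __name__ == "__main__":
    if winreg is not None:
        record = dump_key(winreg.HKEY_LOCAL_MACHINE, SAMPLE["key"])
    else:
        record = SAMPLE
    print(format_report(record))
```

The LastWrite time belongs to the key, not to any single value, so it records only that something under the key changed at that moment.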