Full Disclosure mailing list archives

Re: Re: Windows Registry Analzyer

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Thu, 03 Mar 2005 15:43:17 -0500

  Yes, absolutely.  It's called "InCtrl5" and it is *exactly* what you both
want.


Found it :

http://publicdata.home.comcast.net/inctrl5.zip

Also note : this is Plugin #56 on PartPE (which would be quite usefulfor forensics -- you could boot the undisturbed system under BART, graba snapshot, do (x), and grab a comparison snapshot agian under BART --thus avoiding all the other volitle crud that changes between Windowsreboots).



~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Windows Registry Analzyer, (continued)
- RE: Windows Registry Analzyer Cassidy Macfarlane (Mar 03)
  - Re: Windows Registry Analzyer Danny (Mar 03)
    - Re: Windows Registry Analzyer Eric Windisch (Mar 03)
    - Re: Windows Registry Analzyer Dave Korn (Mar 03)
    - Re: Re: Windows Registry Analzyer Michael Holstein (Mar 03)
    - Re: Re: Windows Registry Analzyer Eric Windisch (Mar 03)
    - Re: Windows Registry Analzyer Raoul Nakhmanson-Kulish (Mar 04)
    - RE: Re: Windows Registry Analzyer Aditya Deshmukh (Mar 05)
  - Re: Windows Registry Analzyer Dave King (Mar 03)
  - Re: Windows Registry Analzyer Dave Korn (Mar 03)
    - Re: Re: Windows Registry Analzyer Michael Holstein (Mar 03)
  - RE: Windows Registry Analzyer Aditya Deshmukh (Mar 03)
    - Re: Windows Registry Analzyer joey (Mar 03)
- RE: Windows Registry Analzyer Todd Towles (Mar 03)
- RE: Re: Windows Registry Analzyer Handy, Mark (IT) (Mar 03)
  - RE: Re: Windows Registry Analzyer Ron DuFresne (Mar 04)
- RE: Windows Registry Analzyer Davison, Nigel (Mar 04)