Honeypots mailing list archives

Windows IR/Forensics


From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 1 Nov 2004 07:15:54 -0800 (PST)

All,

I've released updates to the Forensic Server Project
(http://www.windows-ir.com/fsp.html).

I've released a standalone EXE of the FSP server
component, making it much easier to use.  This is a
slight update, in that it does not have a GUI dialog
interface as shown in my book.  The tool, fspc.exe, is
a CLI-based tool, but is fairly easy to use.

In addition, I've significantly updated the First
Responder Utility (FRU), as well as released it as a
standalone EXE.  The tool, fruc.exe, is also
CLI-based, and uses an ini file to control the
external tools that are run, as well as which Registry
keys/values are retrieved.  

I have several tools in the works that I'll be
releasing for use with fruc.exe.  Admins will also be
able to use these tools for remote data collection, if
so desired.  

The Registry key and value sections of the ini
file/fruc.exe tool allow the tool to dump either
specific Registry values or the contents of a Registry
key (one level down only, no subkeys).  An added
benefit is that the output includes the LastWrite time
of the key.

Thanks,

Harlan


=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------

