Forensically interesting spots in the Windows 7, Vista and XP file system and registry (prep work for my anti-forensics class)

[kdpryor at gmail.com (Ken Pryor)]

I do forensics and I use RegRipper on pretty much every case I work.  It's
an amazing tool.
KP

On Fri, Aug 14, 2009 at 5:17 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:

> I knew about the book, but thanks for pointing me to regripper, I'll have
> to look at it.
>
> Adrian
>
> On Thu, Aug 13, 2009 at 10:00 PM, iamnowonmai <iamnowonmai at gmail.com>wrote:
>
> > Hey Irongeek - You'll find a lot of these and more covered in Windows
> > Forensic Analysis, 2nd edition, by Harlan Carvey, as well as RegRipper ->
> > http://www.regripper.net/
> >
> > <http://www.regripper.net/>You probably already knew that but I thought I
> > would mention it just in case ;)
> > iamnowonmai
> >
> > On Thu, Aug 13, 2009 at 4:53 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:
> >
> > > I've started work on a list of Windows registry keys and file systems
> > > spots that would be of interest to forensics, anti-forensics and pen-test
> > > folks. If you have additions, please email me.
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090814/fa65795f/attachment.htm