Create a list of the keys/values you want to search and supply them to the
'Printkey' plugin (http://code.google.com/p/volatility/wiki/CommandReference#printkey).
Additionally, depending on what you're searching against, you can use Autoruns and
parse its contents, or if you want a GUI search, try Registry Decoder.
--
Glenn P. Edwards Jr.
GREM, GCFA, GCIH
On Tuesday, May 15, 2012 at 6:38 PM, Mike Lambert wrote:
One thing we need to do is search the registries for the keys that autorun malware.
Does anyone know of a free tool that will do that? I'm currently using Encase to do
that but it is an expensive solution.
Harlan's RegRipper will dump some registry entries and sometimes it works, but it
does not search.
Mike
_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
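
The approach suggested in the reply (a list of keys supplied to printkey), as an added example that is not part of the original thread. It assumes Volatility 2's `vol.py` is on PATH (override with `VOL`); the key list is a constructed starting set, and `autorun_keys` and `scan_keys` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: feed a list of autorun keys to Volatility 2's printkey plugin.
# Assumed: vol.py is on PATH (override with VOL=...); the image path and
# profile are supplied by the caller.

# Constructed starting list. Paths are relative to the hive root, which is
# what printkey -K expects. With no hive offset (-o), printkey checks every
# hive it finds in the image.
autorun_keys() {
    cat <<'EOF'
# SOFTWARE hive
Microsoft\Windows\CurrentVersion\Run
Microsoft\Windows\CurrentVersion\RunOnce
Microsoft\Windows NT\CurrentVersion\Winlogon
# NTUSER.DAT hives
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
EOF
}

# scan_keys IMAGE PROFILE: read key paths on stdin, run printkey for each.
# Blank lines and lines starting with '#' are skipped. The body runs in a
# subshell so its variables do not leak into the caller.
scan_keys() (
    image=$1
    profile=$2
    while IFS= read -r key; do
        case $key in ''|'#'*) continue ;; esac
        printf '===== %s =====\n' "$key"
        # </dev/null keeps the plugin from consuming the rest of the key list.
        "${VOL:-vol.py}" -f "$image" --profile="$profile" printkey -K "$key" </dev/null
    done
)

# Run only when called with arguments, e.g.:
#   sh autoruns.sh memory.img WinXPSP2x86 > autoruns.txt
if [ $# -ge 2 ]; then
    autorun_keys | scan_keys "$1" "$2"
fi
```

The combined output is plain text, so it can be searched with `grep -i` for a file name or path of interest; a custom key list can be piped into `scan_keys` in place of `autorun_keys`.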