Mike,
Have you tried any of the following?:
YARU (Yet Another Registry Utility) -
http://www.tzworks.net/prototype_page.php?proto_id=3
Regdecoder -
http://code.google.com/p/registrydecoder/
Autoruns -
http://computer-forensics.sans.org/blog/2010/06/28/autoruns-dead-forensics/
Today's Topics:
1. searching registries (Mike Lambert)
----------------------------------------------------------------------
Message: 1
Date: Tue, 15 May 2012 17:38:58 -0500
From: Mike Lambert <dragonforen(a)hotmail.com>
Subject: [Vol-users] searching registries
To: Volatility List <vol-users(a)volatilityfoundation.org>
Message-ID: <SNT118-W5182DD5900ED6A56B23C3FAE1B0(a)phx.gbl>
One thing we need to do is search the registries for the keys that autorun
malware.
Does anyone know of a free tool that will do that? I'm currently using
EnCase to do that but it is an expensive solution.
Harlan's RegRipper will dump some registry entries and sometimes it works,
but it does not search.
Mike