Mike,

Have you tried any of the following?:

YARU (Yet Another Registry Utility) - http://www.tzworks.net/prototype_page.php?proto_id=3
Regdecoder - http://code.google.com/p/registrydecoder/
Autoruns - http://computer-forensics.sans.org/blog/2010/06/28/autoruns-dead-forensics/

Today's Topics:

  1. searching registries (Mike Lambert)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 May 2012 17:38:58 -0500
From: Mike Lambert <dragonforen@hotmail.com>
Subject: [Vol-users] searching registries
To: Volatility List <vol-users@volatilityfoundation.org>
Message-ID: <SNT118-W5182DD5900ED6A56B23C3FAE1B0@phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"


One thing we need to do is search the registries for the keys that autorun malware.

Does anyone know of a free tool that will do that?  I'm currently using Encase to do that but it is and expensive solution.

Harlan's RegRipper will dump some registry entries and sometimes it works, but it does not search.

Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20120515/b160676f/attachment-0001.html

------------------------------

_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users


End of Vol-users Digest, Vol 47, Issue 4
****************************************