Registry Key LastWrite times

From: H Carvey (keydet89at_private)
Date: Wed May 23 2001 - 07:52:06 PDT

Next message: freeholdat_private: "Re: Help any MAC gurus!"

Previous message: Jun: "[Q]Forensic tool"
Next in thread: Troy Larson: "RE: Registry Key LastWrite times"
Reply: Troy Larson: "RE: Registry Key LastWrite times"
Reply: VanMeter, John: "RE: Registry Key LastWrite times"
Reply: H Carvey: "RE: Registry Key LastWrite times"
Reply: Medina, Patricia L.: "RE: Registry Key LastWrite times"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Has anyone used the LastWrite times of a 
Registry keys as part of an incident 
investigation?  Several keys in the HKLM and 
HKCU hives are updated when certain activity 
occurs (such as using the telnet.exe 
application)...so has anyone used this 
information when investigating a security 
incident?

Thanks,

HC

Next message: freeholdat_private: "Re: Help any MAC gurus!"
Previous message: Jun: "[Q]Forensic tool"
Next in thread: Troy Larson: "RE: Registry Key LastWrite times"
Reply: Troy Larson: "RE: Registry Key LastWrite times"
Reply: VanMeter, John: "RE: Registry Key LastWrite times"
Reply: H Carvey: "RE: Registry Key LastWrite times"
Reply: Medina, Patricia L.: "RE: Registry Key LastWrite times"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 28 2001 - 20:27:17 PDT