Registry Key LastWrite times

From: H Carvey (keydet89at_private)
Date: Wed May 23 2001 - 07:52:06 PDT

    Has anyone used the LastWrite times of 
    Registry keys as part of an incident 
    investigation?  Several keys in the HKLM and 
    HKCU hives are updated when certain activity 
    occurs (such as using the telnet.exe 
    application)...so has anyone used this 
    information when investigating a security 
    incident?
    
    Thanks,
    
    HC
    