Has anyone used the LastWrite times of a Registry keys as part of an incident investigation? Several keys in the HKLM and HKCU hives are updated when certain activity occurs (such as using the telnet.exe application)...so has anyone used this information when investigating a security incident? Thanks, HC
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 20:27:17 PDT