I am wondering if there are any programs that work on a set of registry files (e.g. registry files copied from a compromised system to your computer for forensics analysis), rather than on a "live registry".

My concern is that once you boot up a compromised system and the registry is being loaded, some of the keys would have already been modified. Or am I wrong?

Cheers!

--
Tan Sze Yan       | Computer Security Lab
Research Engineer | DSO National Laboratories
Tel: (65)7727379  | 20 Science Park Drive
Fax: (65)7755943  | Singapore 118230

Security Related wrote:
>
> You are probably all aware of it already, but another handy registry tool is
> 'registrar', or the free one 'registrar lite', it will search the registry
> and find all instances of a string and present them in a list, rather than
> the "find->find next" method, it will also do search and replace on the
> entire registry too...
>
> ES

This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 09:49:01 PDT