New
#1
What tool for Registry forensics ?
I currently have a win 7 machine that I need to find information stored in the
registry (probably SAM-keys etc thats not available for a user mode)
And btw, I did a full sector-by-sector clone of a C:/drive to .dd file so I probably need a
so called offline tool to examine the register. If thats possible, I will also try a live-tool right now because time is son running out
(the .dd file is a complete disk image as the state-of- saved as a original, and this is duplicated to copies for later examinations without affecting the real system)
IĀ“dont have licensed Encase/forensic suits.
But there are some open-source tools out there
Regripper - ForensicsWiki
https://www.researchgate.net/publica...ows_7_Registry
Anyone with some tips?
Code:Examples of data I want is the history, autologin,credentials, last network info, etc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{Wireless - Identifier} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Printers HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR