Week of Data Dumps, Part 7 – registry
2022-8-7 04:57:45 Author: www.hexacorn.com(查看原文) 阅读量:28 收藏

August 6, 2022 in Archaeology, Clustering, File Formats ZOO

This one is not a surprise, I hope. Most of forensic artifacts come from either file- or Registry- oriented artifacts. Of course, there is a macOS&OS/X world out there, there is Linux, but in reality, lots of DFIR is still living inside the Microsoft world.

My 3R page lists a lot of interesting Windows Registry artifacts that I automagically pulled from Harlan Carvey’s regripper.

The file linked to this post shows a few more, either properly attributed… or not. After all, who has the TIME for all the analysis?!!! Still, hopefully it’s useful to some…


文章来源: https://www.hexacorn.com/blog/2022/08/06/week-of-data-dumps-part-7-registry/
如有侵权请联系:admin#unsafe.sh