Hi,
A quick question for our uber security experts.
What is the best tool (or linux distro) for analyzing Windows Registry
(from live distro).
Sincerely,
Trol
That would kind of depend what you define as "best"...
1) Fastest?
2) Easiest to use?
3) Has some particular forensics or analysis functionality?
4) Smallest foot print?
5) GUI?
6) CLI?
7) etc.
The one I use is RegRipper - it extracts useful registry data from registry hive files. You can make it run on Linux with some minor modifications to the Perl code.
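Added example, not Lupin's code and not part of RegRipper: RegRipper works on copies of hive files rather than on a running system, which is why it runs happily from a Linux live environment. The block below shows, in Python, the offline parsing such a tool does on the hive (regf) format: it reads the base block, follows the root nk cell, walks lf/lh/li/ri subkey lists and vk value lists, and returns every key with its last-write time and decoded values. The hive image it runs against is constructed inside the block (the key names ROOT and Sample, the value names and the 2010-01-01 timestamp are all made up for the fixture); the cell layouts themselves are the documented regf/hbin/nk/vk ones.

```python
import struct
from datetime import datetime, timedelta

REG_SZ, REG_BINARY, REG_DWORD = 1, 3, 4
HBIN_BASE = 0x1000  # cell offsets are relative to the first hbin, which follows the 4 KiB base block


def _cell(hive, off):
    """Payload of the cell at hbin-relative offset `off` (a negative size field marks a cell in use)."""
    start = HBIN_BASE + off
    size = struct.unpack_from("<i", hive, start)[0]
    return hive[start + 4:start + abs(size)]


def _filetime(raw):
    """8-byte Windows FILETIME (100 ns ticks since 1601-01-01) to datetime."""
    return datetime(1601, 1, 1) + timedelta(microseconds=struct.unpack("<Q", raw)[0] // 10)


def _subkey_offsets(hive, off):
    """Yield nk offsets from an lf/lh/li list; ri is an index of such lists and is recursed into."""
    cell = _cell(hive, off)
    sig, count = bytes(cell[:2]), struct.unpack_from("<H", cell, 2)[0]
    for i in range(count):
        if sig == b"ri":
            yield from _subkey_offsets(hive, struct.unpack_from("<I", cell, 4 + 4 * i)[0])
        elif sig in (b"lf", b"lh"):          # entries are (offset, hash) pairs
            yield struct.unpack_from("<I", cell, 4 + 8 * i)[0]
        elif sig == b"li":                   # entries are bare offsets
            yield struct.unpack_from("<I", cell, 4 + 4 * i)[0]
        else:
            raise ValueError(f"unknown subkey list type {sig!r}")


def _value(hive, off):
    """Parse a vk cell into (name, type, decoded value)."""
    cell = _cell(hive, off)
    if cell[:2] != b"vk":
        raise ValueError("expected vk cell")
    name_len, data_size, data_off, vtype, flags = struct.unpack_from("<HIIIH", cell, 2)
    raw_name = bytes(cell[0x14:0x14 + name_len])
    name = raw_name.decode("latin-1" if flags & 1 else "utf-16-le") or "(Default)"
    if data_size & 0x80000000:               # data of 4 bytes or less lives in the offset field itself
        data = struct.pack("<I", data_off)[:data_size & 0x7FFFFFFF]
    else:
        data = bytes(_cell(hive, data_off)[:data_size])
    if vtype == REG_SZ:
        return name, vtype, data.decode("utf-16-le").rstrip("\x00")
    if vtype == REG_DWORD:
        return name, vtype, struct.unpack("<I", data)[0]
    return name, vtype, data


def walk(hive, off=None, path=""):
    """Yield (key path, last-write time, {value name: value}) for every key below `off` (root if None)."""
    if off is None:
        if hive[:4] != b"regf":
            raise ValueError("not a registry hive (missing regf signature)")
        off = struct.unpack_from("<I", hive, 0x24)[0]   # root cell offset sits in the base block
    cell = _cell(hive, off)
    if cell[:2] != b"nk":
        raise ValueError("expected nk cell")
    flags = struct.unpack_from("<H", cell, 2)[0]
    n_sub, _, sub_off, _, n_val, val_off = struct.unpack_from("<IIIIII", cell, 0x14)
    name_len = struct.unpack_from("<H", cell, 0x48)[0]
    name = bytes(cell[0x4C:0x4C + name_len]).decode("latin-1" if flags & 0x20 else "utf-16-le")
    path = f"{path}\\{name}" if path else name
    values = {}
    if n_val:
        vlist = _cell(hive, val_off)                     # plain array of vk cell offsets
        for i in range(n_val):
            vname, _, value = _value(hive, struct.unpack_from("<I", vlist, 4 * i)[0])
            values[vname] = value
    yield path, _filetime(cell[4:12]), values
    if n_sub:
        for sub in _subkey_offsets(hive, sub_off):
            yield from walk(hive, sub, path)


def dump(hive):
    """{key path: (last-write datetime, {value name: value})} for a whole hive image."""
    return {path: (ts, vals) for path, ts, vals in walk(hive)}


def build_sample_hive():
    """Constructed fixture, not a real hive: ROOT\\Sample holding three values, written 2010-01-01."""
    hb = bytearray(struct.pack("<4sIIQQI", b"hbin", 0, 0x1000, 0, 0, 0))   # 32-byte hbin header

    def cell(payload):                                   # append an 8-byte-aligned in-use cell
        size = (4 + len(payload) + 7) & ~7
        off = len(hb)
        hb.extend(struct.pack("<i", -size) + payload.ljust(size - 4, b"\x00"))
        return off

    def vk(name, vtype, data):
        if len(data) <= 4:                               # small data is stored inline, high bit set
            size, data_off = 0x80000000 | len(data), struct.unpack("<I", data.ljust(4, b"\x00"))[0]
        else:
            size, data_off = len(data), cell(data)
        return cell(b"vk" + struct.pack("<HIIIHH", len(name), size, data_off, vtype, 1, 0) + name)

    def nk(name, subkeys, values, ts):                   # parent/security/class offsets left unset
        sub_off = cell(b"lf" + struct.pack("<H", len(subkeys))
                       + b"".join(struct.pack("<II", o, 0) for o in subkeys)) if subkeys else 0xFFFFFFFF
        val_off = cell(b"".join(struct.pack("<I", o) for o in values)) if values else 0xFFFFFFFF
        hdr = b"nk" + struct.pack("<HQ" + "I" * 10, 0x20, ts, 0, 0, len(subkeys), 0, sub_off,
                                  0xFFFFFFFF, len(values), val_off, 0xFFFFFFFF, 0xFFFFFFFF)
        return cell(hdr + struct.pack("<IIIIIHH", 0, 0, 0, 0, 0, len(name), 0) + name)

    ts = int((datetime(2010, 1, 1) - datetime(1601, 1, 1)).total_seconds()) * 10_000_000
    vals = [vk(b"Version", REG_DWORD, struct.pack("<I", 7)),
            vk(b"Product", REG_SZ, "Forum test box".encode("utf-16-le") + b"\x00\x00"),
            vk(b"Blob", REG_BINARY, bytes(range(1, 7)))]
    root = nk(b"ROOT", [nk(b"Sample", [], vals, ts)], [], ts)
    hb.extend(b"\x00" * (0x1000 - len(hb)))
    base = bytearray(0x1000)
    base[:4] = b"regf"
    struct.pack_into("<II", base, 0x24, root, len(hb))  # root cell offset, hive bins size
    return bytes(base + hb)


if __name__ == "__main__":
    for key, (written, values) in dump(build_sample_hive()).items():
        print(key, written, values)
```

On a real case the same `dump()` runs over a hive copied from a mounted (read-only) image, e.g. `dump(open("SYSTEM", "rb").read())`; it covers the lf/lh/li/ri list types and inline data but not big-data (db) cells, class names or volatile keys, which is the gap a tool like RegRipper fills with its plugins.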
Thank you kindly, Mr Lupin.
Is there a particular Linux-based distro best suited for forensic Windows analysis? :)
Sincerely,
Trol
Checkout Helix. You might have to dig for the free version but according to my colleagues there still is one.
http://www.google.com/search?q=helix+forensics
e-fense :: Cyber Security & Computer Forensics Software
FCCU is another one. Helix is better known, but I have used both and actually prefer FCCU. Last time I checked they were actually charging for Helix as well - a paid membership was required to download it. As Thorin mentioned, you may still be able to find a free version, which is the older edition, Helix 2, IIRC.
As well as being able to boot to a Linux live environment, Helix does have some tools that can run on a live Windows system, however, a capability that FCCU lacks, since FCCU is a pure Linux boot environment.
Thank you kindly, Mr Lupin and Mr Thorin :)
Sincerely,
Trol