Thread: Windows Registry analysis

  1. #1
    Member webtrol's Avatar
    Join Date
    Jan 2010
    Posts
    113

    Default Windows Registry analysis

    Hi,
    A quick question for our uber security experts.
    What is the best tool (or Linux distro) for analyzing the Windows Registry
    (from a live distro)?

    Sincerely,
    Trol

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    That would kind of depend what you define as "best"...

    1) Fastest?
    2) Easiest to use?
    3) Has some particular forensics or analysis functionality?
    4) Smallest foot print?
    5) GUI?
    6) CLI?
    7) etc.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    The one I use is RegRipper - it extracts useful registry data from registry hive files. You can make it run on Linux with some minor modifications to the Perl code.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
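Before handing a hive to RegRipper it is worth checking that the file is actually a complete, cleanly written hive. The parser below is an added example and is not code from the thread or from RegRipper: it reads the 4096-byte "regf" base block, recomputes the header checksum (XOR of the first 127 dwords), flags a dirty hive (primary and secondary sequence numbers differ, meaning the transaction logs have not been applied), and decodes the last-written FILETIME. The sample hive it builds is constructed for the demonstration, not real evidence, and the file name stored in it is an assumption.

```python
"""Triage a Windows registry hive's base block before feeding it to a
tool like RegRipper. Added example; the sample hive is constructed."""
import struct
import sys
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 4096          # size of the regf base block
HBIN_BASE = 0x1000          # hive bins start right after the base block
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def header_checksum(header: bytes) -> int:
    """XOR of the 127 little-endian dwords in bytes 0..507; the results
    0 and 0xFFFFFFFF are reserved and stored as 1 and 0xFFFFFFFE."""
    x = 0
    for (dw,) in struct.iter_unpack("<I", header[:508]):
        x ^= dw
    if x == 0:
        return 1
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return x


def parse_regf_header(data: bytes) -> dict:
    """Decode the fields an examiner wants to see before deeper parsing."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than a 4096-byte base block")
    hdr = data[:HEADER_SIZE]
    if hdr[:4] != b"regf":
        raise ValueError("not a regf hive (bad signature)")
    # offsets 4..43: seq1, seq2, last written, major, minor, type, format,
    # root cell offset (relative to the first hbin), hive bins data size
    (seq1, seq2, last_written, major, minor, ftype, fformat,
     root_cell, hbins_size) = struct.unpack_from("<IIQIIIIII", hdr, 4)
    name = hdr[48:112].decode("utf-16-le", "replace").rstrip("\x00")
    stored = struct.unpack_from("<I", hdr, 508)[0]
    return {
        "primary_seq": seq1,
        "secondary_seq": seq2,
        "dirty": seq1 != seq2,          # logs pending: apply LOG1/LOG2 first
        "last_written": filetime_to_datetime(last_written),
        "version": f"{major}.{minor}",
        "file_type": ftype,             # 0 = primary file
        "root_cell_offset": HBIN_BASE + root_cell,
        "hbins_size": hbins_size,
        "file_name": name,
        "checksum_ok": stored == header_checksum(hdr),
    }


def build_sample_hive(seq1: int, seq2: int, last_written: int) -> bytes:
    """Constructed hive: a valid base block plus one empty hive bin.
    The stored file name 'SYSTEM' is an assumption for the demo."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:4] = b"regf"
    struct.pack_into("<IIQIIIIII", hdr, 4, seq1, seq2, last_written,
                     1, 5, 0, 1, 0x20, 0x1000)
    name = "SYSTEM".encode("utf-16-le")
    hdr[48:48 + len(name)] = name
    struct.pack_into("<I", hdr, 508, header_checksum(bytes(hdr)))
    hbin = bytearray(0x1000)
    hbin[:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 0x1000)   # offset, size
    return bytes(hdr) + bytes(hbin)


if __name__ == "__main__":
    # usage: python hive_triage.py SYSTEM SOFTWARE NTUSER.DAT ...
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            info = parse_regf_header(f.read(HEADER_SIZE))
        print(path, info)
```

A dirty hive is the case to watch for on a live-distro acquisition: the on-disk file lags the in-memory state until the .LOG files are replayed, so timestamps and recently written keys may be missing from what RegRipper reports.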

  4. #4
    Member webtrol's Avatar
    Join Date
    Jan 2010
    Posts
    113

    Default

    Thank you kindly, Mr Lupin.

    Is there a particular Linux-based distro best suited for forensic Windows analysis?

    Sincerely,
    Trol

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Check out Helix. You might have to dig for the free version, but according to my colleagues there still is one.

    http://www.google.com/search?q=helix+forensics

    e-fense :: Cyber Security & Computer Forensics Software

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    FCCU is another one. Helix is better known, but I have used both and actually prefer FCCU. Last time I checked they were actually charging for Helix as well - a paid membership was required to download it. As Thorin mentioned, you may still be able to find a free version - which is the older edition, Helix 2, IIRC.

    As well as being able to boot to a Linux live environment, Helix does, however, have some tools that can run on a live Windows system, a capability that FCCU lacks since FCCU is a pure Linux boot environment.
