Tuesday, March 29, 2005

How good is your Reg-foo?

Yes, I'm still working on the Registry Analysis HOWTO, subtitled "Your Reg-foo is very good..." (remember the old, poorly-dubbed "BlackBelt Theatre"??). I'm using what I've got so far as a stepping off point for a presentation at work, then a similar presentation at a conference in June.

I've got some interesting tidbits so far...detecting deleted user accounts, mapping USB-connected storage devices, etc.

I was wondering what things you guys look for (or want to know more about) in the Registry.

Before you comment or email me...malware stuff is pretty passé. It's well known. We all know about the ubiquitous 'Run' key. So keeping that in mind, send in your tips...

