C:\tools>deleted.pl
It's that easy.
Addendum: No, this is NOT a RegRipper plugin...this is JT's code which is completely separate from RegRipper.
The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
No comments:
Post a Comment