Comments on Windows Incident Response: Links and Updates

H. Carvey (2011-10-01T07:14:32.650-05:00):
Does WRF provide what you're looking for? If not, what's missing?

Anonymous (2011-09-29T13:33:24.386-05:00):
I have tried to find a quality book about Windows registry.

Windows Registry Forensics gives a lot. Thank you for this tip.

H. Carvey (2011-09-20T06:38:29.709-05:00):
Great comments, thanks!

Jimmy, the ability to extract keys and values from unallocated space has been available for quite some time now, through Jolanta's regslack. I'm glad to see that this functionality is being added to other tools, as well.

Wyatt Roersma (2011-09-19T22:29:29.960-05:00):
I really enjoyed this blog. I even tweeted it to spread it. It contains a good wrap up of the last week of forensics. I fully agree that the community doesn’t release detailed notes like Andrew Case did on the recovery of Registry Hive files. I hope that quantity of helpful information increases to come because it is helpful to young people like me interested in DFIR. It’s one thing to have plenty of information available to learn; it’s an entirely different concept to see that knowledge applied in a step by step to really understand the nuts and bolts of an investigation. I really hope to contribute as much as I can to the community as it has been so kind to me.
Thanks for the blog, look forward to the next one!