Friday, April 22, 2005

Registry Keys

I've been working on a spreadsheet containing several workbooks of Registry keys. One workbook contains AutoStart locations, another contains keys that track user activity (ie, MRU lists, etc.).

The basic format for the workbooks is to list the key, an explanation or description of the key (ie, when it's accessed, such as at system boot or user login), and references for how the key is used. Right now, my references consist entirely of links to MS web pages.

I've provided it to a couple of people I know for review, and one comment came back that there needs to be a different format. What would be a good format for something like this? HTML? What would be more useful/valuable to the user community? Would one format be more useful to, say, a forensic analyst, while another would be more useful to a Windows sysadmin?

I'll be considering responses as I update the material. Thanks.


Anonymous said...

Another format would be nice. If an incident responder didn't have MS Office or used Linux he may not be able to read it at all or farmatting may be funky, (OpenOffice).

I think html is a good idea. I think compiled html might be another thing to look at as well. These are nice to read.

Anonymous said...

Hello all,

I like HTML reports too.
Why not a format which could be read by a script,
like xml.

Have a nice day.

Anonymous said...

I think XML is probably the ideal format for this type of data. This way, the data can be presented in any number of ways without you needing to change anything.

H. Carvey said...

I'm going to proceed with the HTML, but I will take a look at XML...I've never written any XML so it may take a while.

On a side note, I'd like to ask anonymous posters to begin adding their email addresses into their posts, even using a format such as "keydet89 at yahoo dot com". That way, I can contact you directly if I have questions. Thanks.