Comments on Windows Incident Response: Registry Reference
(comment feed, last updated 2024-03-19T07:46:20-05:00; 7 comments, newest first)

Travis (Anonymous), 2005-12-07 12:47 -05:00

I like this idea and would be willing to help with it. How about using a format similar to OSVDB?

Travis

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2005-12-06 06:35 -05:00

> Where were you planning on getting it from? Based on the post, it appears you were looking to put together a single source for forensics specific registry information.

That's exactly right...I'd like to put together a single source. One complaint I hear a lot is that there is a lot of information out there...but it's "out there" and not in one place.

As far as where to get the information, my intention has been to produce the initial set-up and from there, take submissions from the community. There will be submission criteria, a review process, etc. After all, the goal is to provide credible, useful information.

The process you mention in your comment is a good start.

Anonymous, 2005-12-06 00:53 -05:00

Where were you planning on getting it from? Based on the post, it appears you were looking to put together a single source for forensics specific registry information.

Reviewing and extracting the pertinent information from the W2K3 DepKit previously mentioned could be a starting place. The second is input from followers of your blog and/or the community, perhaps in a Wiki type format. Alternatively, items are submitted to you directly with associated documentation for verification and review and subsequent approval, with the database being able to be searched a la eventid.net.

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2005-12-05 17:23 -05:00

That'd be great...but then it's a matter of content.

Where do we get the content?

Anonymous, 2005-12-05 16:30 -05:00

What about a format along the lines of www.eventid.net?

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2005-12-05 10:10 -05:00

Good link to the Windows 2003 reference, and there are some good leads there...thanks.

Anonymous, 2005-12-02 17:45 -05:00

Here's a (not so complete) reference for Win2k:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/c4dd12f8-d96a-476a-8e31-6c2043fe77a7.mspx

bryan AT adminfoo DOT net