Comments on Windows Incident Response: More Registry Analysis...

H. Carvey (2008-04-01T10:11:00.000-05:00):

Kevin,

Great comments on Registry analysis...definitely important things to keep in mind.

WRT making the tool available, I've found that posting it on public sites such as the Win4n6 Yahoo Group or SourceForge lets folks grab the software, but doesn't get me any feedback or input. In many cases, I think people are downloading it and never using it. I've been more inclined to send a copy to interested folks...that way I can follow up and pester folks for input... ;-)

Anonymous (2008-04-01T09:55:00.000-05:00):

One other thing...in the Pimp my Registry Analysis post comments you talked about putting something up on Sourceforge. I was wondering if this project is on Sourceforge and if you're letting people take a look at it yet.

Anonymous (2008-04-01T09:48:00.000-05:00):

It sounds to me like Registry Analysis is a great way to help take evidence and put it into context. That context becomes particularly important on computers with multiple users. Another thing to consider is the value of corroboration. We know that file system data like MAC times or file owner can be altered, so hopefully we can use Registry Analysis as a way to corroborate the information that we gather elsewhere. It just seems like an important part of being thorough.