Comments on Windows Incident Response: File Associations

Anonymous, 2008-08-12T22:07:00.000-05:00

Harlan,

I have been using the assoc and ftype commands for years, but generally for litigation support. However, we recently have been using them in incident response. The surprise for us was how quickly the two commands can demonstrate bad stuff going on. We dump the outputs to text files. Unusual file types stick out, as do the programs responsible for them.

Thanks again.

Anonymous, 2008-08-08T17:58:00.000-05:00

Very cool indeed!
Thanks!