Date: May 2014


NTUSER, SOFTWARE or SYSTEM Hive Registry Parser

There have been times when I would like to parse through an NTUSER, SYSTEM or SOFTWARE hive and pull back just the keys and subkeys that have been modified between certain dates (which is one of the arguments for the below Python script). Thanks to William Ballenthin for showing how this is[…]


Physical Memory Analysis – Volatility

by Destruct_Icon
Categories: Analysis, Host Forensics

So far we have gone through two other means of memory analysis: Bulk Extractor and Foremost. We plan to go very deep into Volatility at a later date, but as this run of posts is about the basics of physical memory, I want to keep this relatively short and sweet. Volatility is a collection of[…]
