Tag: registry


Most Recent Used (MRU) Peek-A-Book

In this post, we will cover some cool ways to review the Most Recently Used (MRU) keys from the Windows registry. The goal of the article is to show how these keys can be useful, explain how to review them using RegRipper, and provide a means to review these keys directly from a memory image[…]


A Peek Into The Windows 10 Registry and File System

by DFIRninja
Categories: Analysis, Host Forensics, News

Windows 10 Registry and the File System: Here is a little peek into the Windows 10 registry and file system using the Windows 10 Pro Technical Preview. The Technical Preview can be downloaded from the link below. Windows 10 so far seems to be a split between Windows 7 and Windows 8. Microsoft went back[…]


NTUSER, SOFTWARE or SYSTEM Hive Registry Parser

Registry Parser: There have been times when I would like to parse through an NTUSER, SYSTEM, or SOFTWARE hive and pull back just the keys and subkeys that have been modified between a certain date (which is one of the arguments for the Python script below). Thanks to William Ballenthin for showing how this is[…]
