Monday, June 9, 2008

Windows FSA Tools

FSA = Forensic and System Administration

I subscribe to Harlan's blog, and recently he has made three separate posts about tools; read them. I was poking around NirSoft (linked from Harlan's blog), and stumbled upon some more tools I feel should be highlighted:

IE PassView: Dumps passwords stored in IE (works with IE7 in Vista!)

USBDeview: Extracts the USB device information stored in the Windows registry from a live system

RecentFilesView: Lists the recently accessed files from a live Windows system

Note: Harlan's RegRipper accomplishes similar feats (USB history, recent files, etc.) in an offline fashion, from registry hives on acquired drives or read-only drives.

Note: OpenedFilesView doesn't work on Vista x64

Have fun!

Keydet89 said...


Thanks for the comment over on my blog...I look forward to seeing what's to come here.

RegRipper is something I use all the time in my own cases, and it can be used on live systems in conjunction with F-Response...