FSA = Forensic and System Administration
I subscribe to Harlan's blog, and recently he has made three separate posts about tools; read them. I was poking around NirSoft (linked from Harlan's blog), and stumbled upon some more tools I feel should be highlighted:
IE PassView: Dumps passwords stored in IE (works with IE7 in Vista!)
USBDeview: Extracts the USB device information stored in the Windows registry from a live system
RecentFilesView: Lists the recently accessed files from a live Windows system
Note: Harlan's RegRipper accomplishes similar feats (USB history, recent files, etc.) in an offline fashion, from registry hives on acquired drives or read-only drives.
Note: OpenedFilesView doesn't work on Vista x64
Have fun!
Monday, June 9, 2008
Windows FSA Tools
1 comment:
Jason,
Thanks for the comment over on my blog...I look forward to seeing what's to come here.
RegRipper is something I use all the time in my own cases, and it can be used on live systems in conjunction with F-Response...
Thanks!