Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

---

S'abonner au fil RSS global de la revue de presse

---

Présentation : I just pushed out an update to the appcompatcache.pl plugin, and committed it to the Github archive. The update was based on a request I'd received to make the output of the tool a bit more manageable, and that was right along the lines of something I'd been thinking about doing for some time, anyway. In short, the update simply puts the output for each entry on a single line, with the app path and name first, then the date, then other data that's specific to 32-bit XP, actually , and finally, the executed flag. Each segment is separated by two spaces. So, what does this mean Well, the format puts everything on one line, so if you redirect the output to a file and any searches you run will give you the entire line, not just the first line as with the old format . Another way to use this new format is the way I like to use it, to determine if there's anything in the ShimCache data that requires my attention rip.pl -r d cases local system -p appcompatcache find programdata i Done. That's it. Using DOS commands, it's quick and easy to run through a data sample quickly to see if there's anything of interest. What techniques do you use during Registry analysis

Les mots clés de la revue de presse pour cet article : plugin
Les videos sur SecuObs pour les mots clés : plugin
Les éléments de la revue Twitter pour les mots clé : plugin





Les derniers articles du site "Windows Incident Response" :

- Training Philosophy
- Cool Stuff, re WMI Persistence
- Windows Registry Forensics, 2E
- Event Logs
- Links Plugin Updates and Other Things
- Tools, Links, From the Trenches, part deux
- From the Trenches
- Updated samparse.pl plugin
- The Need for Instrumentation
- Analysis

---

S'abonner au fil RSS global de la revue de presse

---