±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 2 Overall: 36767
New Yesterday: 4 Visitors: 171

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

ProScripts posted

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts

Senior Member

ProScripts posted

Post Posted: Apr 21, 06 15:23

For those using ProDiscover, I've posted a couple of ProScripts to the updated TechPathways forums...

I reposted the UserDump.pl script which pulls user info and group membership from the SAM portion of the Registry, parsing the F, V, and C values. I've added a ProScript that lets you copy out the EventLog files, so you can parse them with File::ReadEvt, and I've added a ProScript that parses the UserAssist keys from the HKEY_USERS hive, translating the ROT-13 "encryption" and parsing the datetime stamps.


Page 1 of 1