Peter, thanks, but that is the Excel spreadsheet that I created and posted off of my web site at windows-ir.com.

Harlan

--- Peter Parker <[EMAIL PROTECTED]> wrote:

> Sending an Excel sheet that I had got from... which forum I don't know!
> (with due credit to the author)
> I had used it at several instances and found it to be helpful.
>
> hth
>
> Note to the moderator: If M$ docs are not permitted, pls forward the msg
> to keydet89
>
> On 26 Nov 2005 12:26:49 -0000, [EMAIL PROTECTED] said:
> > I'm curious as to what sort of information analysts and in particular
> > LEOs are looking for in a Windows Registry reference.
> >
> > Sticking to just 2K+ (including XP and 2K3), I'd like to know:
> >
> > 1. What are LEOs and analysts looking for? What format is easiest to
> > use? Spreadsheet? Database?
> >
> > 2. What kinds of things do you want to know about the keys? Where they
> > come from? How/when they're created/updated?
> >
> > 3. Besides MS keys, what other applications are of interest?
> >
> > 4. What references do you use already? Are you maintaining a local
> > list? Do you access online references (if so, can you share the
> > links/URLs)? How credible are your references?
> >
> > I think that there's a need for consolidation, testing/analysis (to
> > verify and establish credibility), and a way to make it available to
> > everyone who needs it. Perhaps a way to do this would be to have a
> > central location, maintained by one person (or a small group) with
> > requirements for submissions and updates. That way, the list could be
> > available to all, with at least some assurance that a process is followed
> > and updates aren't made lightly.
> >
> > Thoughts? Submissions?
> >
> > H. Carvey
> > "Windows Forensics and Incident Recovery"
> > http://www.windows-ir.com
> > http://windowsir.blogspot.com
> --
> peter
> [EMAIL PROTECTED]
>
> --
> http://www.fastmail.fm - Same, same, but different…

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
