{"id":8195,"date":"2022-08-06T20:57:45","date_gmt":"2022-08-06T20:57:45","guid":{"rendered":"https:\/\/www.hexacorn.com\/blog\/?p=8195"},"modified":"2022-08-06T20:57:45","modified_gmt":"2022-08-06T20:57:45","slug":"week-of-data-dumps-part-7-registry","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2022\/08\/06\/week-of-data-dumps-part-7-registry\/","title":{"rendered":"Week of Data Dumps, Part 7 &#8211; registry"},"content":{"rendered":"\n<p>This one is not a surprise, I hope. Most forensic artifacts are either file- or Registry-oriented. Of course, there is a macOS&amp;OS\/X world out there, there is Linux, but in reality, lots of DFIR is still living inside the Microsoft world.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/hexacorn.com\/tools\/3r.html\">3R<\/a> page lists a lot of interesting Windows Registry artifacts that I automagically pulled from <a href=\"https:\/\/github.com\/keydet89\/RegRipper3.0\">Harlan Carvey&#8217;s RegRipper<\/a>.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/hexacorn.com\/d\/reg.txt\">file linked to this post<\/a> shows a few more, either properly attributed&#8230; or not. After all, who has the TIME for all the analysis?!!! Still, hopefully it&#8217;s useful to some&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This one is not a surprise, I hope. Most forensic artifacts are either file- or Registry-oriented. 
Of course, there is a macOS&amp;OS\/X world out there, there is Linux, but in reality, lots of DFIR is still &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2022\/08\/06\/week-of-data-dumps-part-7-registry\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[53,39,21],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/8195"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=8195"}],"version-history":[{"count":2,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/8195\/revisions"}],"predecessor-version":[{"id":8197,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/8195\/revisions\/8197"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=8195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=8195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=8195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}