http://tech.groups.yahoo.com/group/win4n6/ Windows Forensic Analysis Tue, 05 Jan 2010 18:44:57 GMT Tony Rodrigues http://tech.groups.yahoo.com/group/win4n6/message/1487 http://tech.groups.yahoo.com/group/win4n6/message/1487 Folks, I was reading Kevvie Fowler SANS GCFA Gold Paper "Forensic Analysis of a SQL Server 2005 Database Server" and I thought it would be useful to write a Tue, 05 Jan 2010 12:18:05 GMT keydet89 http://tech.groups.yahoo.com/group/win4n6/message/1486 http://tech.groups.yahoo.com/group/win4n6/message/1486 ... Very cool! Did you see what Paul posted: https://docs.google.com/fileview?id=0B3oC9uB5ETAbMDY2NGNlNTAtYWNiNy00NDkxLWE1OTEtZGY0YmNhNDAxN2Ji&hl=en Tue, 05 Jan 2010 12:16:04 GMT keydet89 http://tech.groups.yahoo.com/group/win4n6/message/1485 http://tech.groups.yahoo.com/group/win4n6/message/1485 Darren, ... ;-) I originally kept rip.exe around because I was using it to test each new plugin I wrote, but then I found that hey, I can write a batch file Tue, 05 Jan 2010 06:56:22 GMT darren_q@... http://tech.groups.yahoo.com/group/win4n6/message/1484 http://tech.groups.yahoo.com/group/win4n6/message/1484 Oh, for those that are interested; I created the folder; "c:\reg\" and put regripper and rip.exe in there. Created a batch file in "c:\reg", with the following Tue, 05 Jan 2010 04:58:08 GMT darren_q@... http://tech.groups.yahoo.com/group/win4n6/message/1483 http://tech.groups.yahoo.com/group/win4n6/message/1483 Never mind, did it with a simple batch file pointing rip.exe to the folder containing the reg files, processes each one in turn... simple really. Tue, 05 Jan 2010 04:16:50 GMT darren_q@... http://tech.groups.yahoo.com/group/win4n6/message/1482 http://tech.groups.yahoo.com/group/win4n6/message/1482 Re Browser Stuff ( http://windowsir.blogspot.com/2010/01/browser-stuff.html ) Extracting the Registry Files is the first thing I do, then whilst other Mon, 04 Jan 2010 17:55:29 GMT Sean McLinden http://tech.groups.yahoo.com/group/win4n6/message/1481 http://tech.groups.yahoo.com/group/win4n6/message/1481 Well, you do have: http://www.databreaches.net/ http://www.idtheftcenter.org/ http://www.datalossdb.org/ But, of course, these are only the reported incidents Mon, 04 Jan 2010 17:33:56 GMT Ron McGill http://tech.groups.yahoo.com/group/win4n6/message/1480 http://tech.groups.yahoo.com/group/win4n6/message/1480 Other forensic fields share information or have databases--CODIS, NIBIN, etc.  Too bad there is not a database or system to tell CFEs what is going on in the Mon, 04 Jan 2010 15:26:50 GMT Sean McLinden http://tech.groups.yahoo.com/group/win4n6/message/1479 http://tech.groups.yahoo.com/group/win4n6/message/1479 ... I'm not so sure, from my professional experience, that the intelligence community is that much farther along. Remember that a significant portion of the Mon, 04 Jan 2010 15:16:41 GMT Greg Kelley http://tech.groups.yahoo.com/group/win4n6/message/1478 http://tech.groups.yahoo.com/group/win4n6/message/1478 I think the biggest issue when someone admits a mistake is what potential liability that person is admitting for their company. I know that internally, we do Mon, 04 Jan 2010 14:44:43 GMT Nick Anthis http://tech.groups.yahoo.com/group/win4n6/message/1477 http://tech.groups.yahoo.com/group/win4n6/message/1477 All this insight is great, but it certainly highlights that this arena is in the same boat that the intelligence community was before 9/11. Not enough Mon, 04 Jan 2010 14:32:35 GMT Sean McLinden http://tech.groups.yahoo.com/group/win4n6/message/1476 http://tech.groups.yahoo.com/group/win4n6/message/1476 ... Harlan: I understand, as well. I was simply trying amplify your point by illustrating just how big a problem it is. The shear number of people out there Mon, 04 Jan 2010 14:18:53 GMT keydet89 http://tech.groups.yahoo.com/group/win4n6/message/1475 http://tech.groups.yahoo.com/group/win4n6/message/1475 Sean, ... Understood, but my point was that the bad guys do it, and I think that in some ways, the good guy's inability to do something similar (with respect Mon, 04 Jan 2010 14:07:19 GMT Sean McLinden http://tech.groups.yahoo.com/group/win4n6/message/1474 http://tech.groups.yahoo.com/group/win4n6/message/1474 ... Right on! There are "social" networks out there where tools and techniques are bartered, or shared, outright. I can go onto a BB and issue a "bid" for Sun, 03 Jan 2010 23:15:50 GMT keydet89 http://tech.groups.yahoo.com/group/win4n6/message/1473 http://tech.groups.yahoo.com/group/win4n6/message/1473 John, ... While I do appreciate the point of view, I too often feel that it's an excuse. I think that the concern folks have is that if they let out what they