Saturday, January 03, 2009

First Post of 2009

Just a couple of things for my first post of 2009...

It seems that RegRipper is catching on, if this post about Enhancing RegRipper is any indication. I have some comments on the post, and the author has responded.

Christina has updated the eEvidence site again, just before the New Year...as always, there are some very promising links...

What 2009 holds...
Not resolutions or predictions, but for 2009, I'd like to do more development on RegRipper, as well as integrate all of my tools into a timeline framework, extending the work of others (Brian Carrier w/ TSK, Michael Cloppert w/ ex-tip, etc.)

Work is progressing on WFA 2/e...I'm currently finishing up chapter 3, and once I get that turned in to my editor, I'll try to get some rewrites done, but I still have one chapter...Registry Analysis...still left to do and get in for review.

2 comments:

Anonymous said...

First comment of 2009! Our recent discusion of RAM acquisition prompted me to do a little research into the nuances of x64. One thing that I knew a little bit about was reinforced. Now, and for the foreseeable future, most apps that run on x64 will be 32-bit. Concerning the registry, there may be some redirection ionvolved, much like the Vista sandbox folders. What I haven't studied, is the extent to which we must look to other places in the registry. For example, HKLM\SOFTWARE\Wow6432Node. No doubt you know more about this than I, but is this topic something that you'll address in the much anticipated WFAII?

Many HP, Gateway, Compaq, etc. machines sold by the chains have Vista Home 64 installed. I haven't seen one yet, but they'll show up any day and will eventually replace x86 entirely

H. Carvey said...

...is this topic something that you'll address in the much anticipated WFAII?

Probably not to the extent that you're hoping. The fact is that I don't have access to any 64-bit Windows systems, nor to any with 32-bit applications installed. So while I'll be talking about redirection in both the "64-bit OS w/ 32-bit apps" sense, and the Vista sense, the fact is that there likely won't be any RegRipper plugins available for 64-bit systems anytime soon.