The good guys that wrote Windows Secret Explorer (LastBit.cm) have included the date that certain entries were created/added to keys in the SAM at least. You may find that bit useful as it can indicate (clock problems excepted) when an online form was completed/updated or access to a login was made.
<disclaimer> I've not looked at it in detail though </disclaimer> Andy -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 01 February 2006 19:15 To: [email protected] Subject: Re: Registry Research Tim, Thanks. I've got code that does that myself...written in Perl, it runs on any platform that supports Perl...Windows, Linux, Mac, etc. I'll clarify a bit...I'm not looking for tools to dump the contents of the Registry, or view them. I'm not looking so much for a list of keys, as I am looking for folks who are doing research into forensic analysis of the Registry, correlation of values/LastWrite times to data from other keys or from within the file system, etc. I hope that clears things up a bit.
