-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You're going to have to snip out the parts of the source that you need, but this should get you started. Written in C.
http://home.eunet.no/~pnordahl/ntpasswd/ Rikard Johnels wrote: > Hello! > I have been set to analyse two windows registry files from a compromised > Win98 > system. All i am given is the user.dat and system.dat files from the > recovered disk. > > How can i read these files and recover data from them? > Especially we need the ISP settings (Modem. It has no network card) to be > able > to verify where this specific computer was connecting to. > > Any tips or pointers? > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9256C360 iD8DBQFEQ//IHYbPX5JWw2ARAjRkAKCOiwxSNactTePeNWXUsiJsR1dsBwCcDs1X rauVDghFMUwNLork/39G8mQ= =4ROa -----END PGP SIGNATURE-----
