Can you please post screenshots separately for both screens? I cannot read the text
And why don't you show a screenshot of where exactly you're having an error, because this is just... not helpful for anyone to help you
hold on
Is that where you're having issues? Cause if so, then I suggest you read the text on the right
i have a problem
doing this
i am having trouble with 2 and 3
where i have to put them in the RegRipper
and on the hive
file
i did that
and it worked
but for the report for the 2nd one
it is not working
You're telling it where to save the report
Yes
Correct
Now open them
Now open it
Again, you're not reading the instructions on the right
Sweet, so it's working as intended
There is no problem here lol
but what do i do next tho
my guy
it says
on the right
of your screen
what to do
ctrl f
ik
i did that
So continue to read past that
i did
and it did not show me a goal on that i have done this
i am missing something?
Please read the instructions, keep clicking find next until you find the entries described in the instructions
You will see RegRipper has not only found the files but also information such as the times when they were written.
Repeat the search, clicking Find Next each time to see the many reports about recent docs. After about ten searches you will find a timeline for when these recent documents were written: all between March 23 and March 25 and many late in the evening of those days.
Scroll back to the top of the file and click on the first line. This time use Ctrl+F to find the word burn
Can you tell the user used a CD burning program on March 25?
Let's see if we can find some recently downloaded files.
Go to the top of the file, click on the first line, and search for Download.
You will see that one of the files downloaded by the user is Eraser 6.2.0.2962.exe. Eraser is a secure data removal tool for Windows! It appears our user was trying to hide his tracks. (Though not well enough to evade our forensics tools.)
Close Notepad
Move the two ntuser_reg_rip.txt files to the Recycle Bin.
Yes, so if you read that and follow it, you'll have no problems lol
i am looking at it
Have you tried finding in both directions? Or grepping the output of the file?
Can you tell the user used a CD burning program on March 25?
how do i do that
i looked for march 25
with burn
and it never showed with a user who used this
how to do that
hello?
@Cyber Forum
can you guys help me with those files in the recycling bin?
Go to the top of the file, click on the first line, and search for Download.
You will see that one of the files downloaded by the user is Eraser 6.2.0.2962.exe. Eraser is a secure data removal tool for Windows! It appears our user was trying to hide his tracks. (Though not well enough to evade our forensics tools.)
Close Notepad
Move the two ntuser_regrip.txt files to the Recycle Bin.
@wagon @weet