PyCon Pune 2017

A conference on the Python programming language

Hemant Kumar

@xcodehack

Registry Forensic

Submitted Nov 28, 2016

I have developed a tool that first fetches current registry hives from system and old registry hives(enumerating Volume shadows copies or Regback folder) and then compare the changes made in registry for any malware related incident. I have used multithreaded,multiprocessing, dynamic html geenration concept heavily in this project.

Outline

The RegDiffer tool first fetches current registry hives from system and old registry hives(enumerating Volume shadows copies or Regback folder) and then compare the changes made in registry for any malware related incident.

Requirements

Projector

Speaker bio

Senior Forensic Analayst, Cyber Incident Response Team, Accenture

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}