Nytro Posted October 20, 2011 Report Share Posted October 20, 2011 RTCA : Portable Windows forensic analysis toolOCTOBER 20, 2011 13:13 PM - 0 COMMENTS by BLACK on OCTOBER 20, 2011RTCA is a Windows forensic analysis tool, registry, audit logs and files. RTCA basically is a standalone and portable application for extraction and analysis investigation, can be used in local configuration report or analysis after extraction. As it analysis after extraction analysis is fast and acurate.Features of RTCACompatible with Windows XP, Vista, 2003, 2008, 7, 8 32-bit (64-bit version will be compiled) and 90% ok under Wine.Can be run in command line.Processing and copies of registry files (damaged registry too).System information: bootKeys/syskey, security features, serials MS…Applications, updates, list of services, drivers, and USB…UserAssist (command history performed by each user).Applications at startup.Network configuration, wireless and SSID.List of accounts, users and hash passwords.Passwords stored in the registry (eg VNC).Most Recent Used historical paths.Registry Viewer Lite.Processing of local logs file, evt (Windows= Vista) and log ( format linux / unix).file system extraction (file and directory) : acls, hidden and protected system state.Files explorer lite.Processes and associated network ports.Synthesis (audit logs, file and registry) sort by date.Export / Import results in CSV, HTML and XML.Download:http://omnia-projetcs.googlecode.com/svn/trunk/RTCA/RtCA.exeSursa: http://www.pentestit.com/rtca-portable-windows-forensic-analysis-tool/ Quote Link to comment Share on other sites More sharing options...
