1
1
Is there any sort of date tracking that is done or viewable in the Windows registry, such as seeing the date when X key was created, or Y key was modified, similar to how file systems track?
I'm trying to find changes that were made to specific areas of the registry during certain date ranges, and it would be fantastic if there was a way to work with date data.
Coldblackice
Posted 2020-01-13T02:37:12.277
Reputation: 4 774
2
Registry keys have a last-modified timestamp. You can use Regedit to export a key, selecting the ".txt" output format. That text file will contain the last modified date&time.
NirSoft's RegScanner utility allows one to filter selected registry keys by ranges of the last-modified timestamp.
kreemoweet
Posted 2020-01-13T02:37:12.277
Reputation: 3 884
0
There are a number of forensics-related scripts online that can help accomplish this. If you know the key(s) and there's a reasonable number, you can also export them to a .txt file in the registry editor. The LastWrite date/time will be there.
Kevin
Posted 2020-01-13T02:37:12.277
Reputation: 136
You can start using this software to take snapshots of the registry to compare later, may not help you right now but will make it easier in the future>>>>https://sourceforge.net/projects/regshot/
– Moab – 2020-01-13T18:07:35.357