ZENA FORENSICS

Some days ago I was messing up with RegRipperplugins, and in particular I was using the "shares.pl" plugin on one of my cases. This plugin parses the content of the registry key "SYSTEM\CurrentControlSet\Services\LanManServer" (please ignore case) and returns the values of the subkey "Shares", which are the explicit shares (Microsoft File and Printers Sharing) created by a user.
Under "Shares" there should be a subkey called "Security" and under it as many REG_BINARY values as shares (I found a case with two shares and only a security value related to one share: I did not go in deep with it, another todo added...). I gugled around but I was unable to get useful stuffs (like tools) or documentation about the nature of that binary values. What I found was a post in the great win4n6 mailing list but with few interesting points. From there I posed to myself the following question.

A Windows Security Descriptor?
I tried to figure out a reli…

I must admit I had to think many seconds about "opening" a blog... In the past (oh my! almost ten years ago?!) I used Usenet, a really great distributed resource... now pugol has my email, my navigation (at least when I do not try to avoid it), my pluses and... my blog (I forgot some my translations too). All in its hands... it's something that's make me (a little) scary... Sometimes it's being said that digital information is volatile: hum, technically speaking yes, sometimes a lot. But here I'd not apply such characteristic... I had a lot of - probably - useless thoughts about my first post but I do not want to loose too much time by sharing non-techical details, not now.