Didier Stevens

Friday 4 August 2006

Update: UserAssist utility

Filed under: Reverse Engineering,Update — Didier Stevens @ 6:16

I’ve enhanced my UserAssist utility. After I published my utility, I had do to a small forensic investigation, but I couldn’t install my program on the machine. That’s why I added a feature to import from a REG file.

The treeview has been replaced with a table that also displays the session ID, counter and last timestamp of each entry.

userassistv2a.PNG

The commands are in a pull-down menu:

userassistv2b.PNG

New commands:

  • Load from REG file.
  • Logging Disabled

The about dialog contains a help section.

I posted my program (source code and binaries) here on the gotdotnet site. Download the ZIP file, you’ll have to extract UserAssist\UserAssist\bin\Release\UserAssist.exe to get my program. There is no setup, it’s just one executable. You’ll need the .NET Framework 2.0 runtime to run my program (download it only if you have a problem running my program, if you have an up-to-date version of Windows XP, the .NET 2.0 Framework will already be installed).

Blog at WordPress.com.