Ares and Lime Pro Registry Report
This script finds NTUSER.dat files and extracts the subkeys [\Software\Ares] and [\Software\Lime Pro] into two bookmarks. It also interprets a number of known values and decrypts some encrypted values.
Note that bookmarks will only be created for NTUSER.dat files that have at least one of the above Registry keys.
Research by Matt McFadden and James Habben. Originally written by James Habben.
This script was developed for use in EnCase training.