1/18/2023 0 Comments Advanced network scanner![]() The key LastRangeUsed is created upon the first time a scan is performed with AIS. All the keys, except for LastRangeUsed are created upon the first time the application is started. This table shows the name of subkeys together with the type of subkeys, the value (data) of the subkey, a comment with what the subkey represents and what the function is within AIS. ![]() ![]() 3.3 The ‘advanced_ip_scanner\State’ keys and subkeysĪ variety of subkeys are listed under the key advanced_ip_scanner/State, as shown in Table 3. Table 2: Overview of the AIS registry key ‘advanced_ip_scanner’ under HKEY_USERS hive. Indicates whether found hosts with the status ‘unknown’ should be represented in the GUI. Especially the locale subkey might be of relevance, since this could potentially reveal something about the background of the threat actor, as well as the locale_timestamp key since this gives an indication of when the application has been used for the first time. This table shows the name and type of the subkeys, together with the value (data) of the subkey, a comment with what the subkey represents and what the function is within AIS. If we look at the subkeys of the advanced_ip_scanner key, we are presented with the keys as shown in T able 2. 3.2 The ‘advanced_ip_scanner’ keys and subkeys The most relevant traces from a forensic perspective are either stored under the ‘ advanced_ip_scanner ’, or the ‘ State ’ key.įigure 2 – Overview of keys created with regards to AIS. While looking at it graphically, multiple keys and subkeys are created as shown in Figure 2. The mentioned registry keys are created, by both the installer version of AIS and the portable version, after the first usage of the application and subsequently some (sub)keys are updated after using AIS. Data is more specifically stored at the following location:Ĭomputer\HKEY_USERS\\SOFTWARE\famatech\advanced_ip_scanner 3.1 AIS registry keysĪfter the installation of AIS, keys and subkeys are created in the HKEY_USERS hive of the user under which account AIS was installed. Do note that for both the portable version as well as the installer version, the same traces are created in the Windows registry. This section describes the traces that are created during usage of the AIS tool and more specifically, the Windows registry keys that are being created. Forensic tracesĪIS leaves traces on a host system when it is executed. The fact that there is a portable version of Advanced IP Scanner, that it has a GUI and that the tool supports a variety of ways to interact with identified systems probably contributes to it popularity. If enabled, this provides the user with functionality to remotely boot a system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |