I did some search but somehow i still not able to find any clue about it.
the Image find that my lecturer want us to find evidence shown that the someone use tightvnc this remote software to remote the user machine. I'm using OSforensic to try and search for logfile but seem like no luck on it.
I also read about the VNC artifacts that you posted and somehow those registry that mentioned doesn't have win 7 version.
mikiatl wrote:
Google it i promise you will find nice things
Article about VNC artifacts
http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1080&context=adf
RegRipper plugin
https://github.com/warewolf/regripper/blob/master/plugins/vncviewer.pl
enjoy
↧