Home How To Digging Up the Past: Windows Registry Forensics Revisited

How To

Digging Up the Past: Windows Registry Forensics Revisited

Posted on January 9, 2019

870

David Via from FireEye has written a very good article
focused on the following known sources of historical registry data:

Registry transaction logs (.LOG)
Transactional registry transaction logs (.TxR)
Deleted entries in registry hives
Backup system hives (REGBACK)
Hives backed up with System Restore

Related Articles
More In How To

Incident Forensics Lifecycle

Recently I’m becoming more and more interested in cyber threat intelligence. I even …

2 days ago
7 min read
Shining a light on Spotlight: Leveraging Apple’s desktop search utility to recover deleted file metadata on macOS

Spotlight is a proprietary desktop search technology released by Apple in 2004 for its Mac…

3 days ago
2 min read
Introduction to KAPE

The new episode of Richard Davis’ “Introduction to Windows Forensics” co…

1 week ago
14 second read

Load More Related Articles

Extracting Activity History from PowerShell Process Dumps

Lee Holmes has posted about how to extract activity history from PowerShell process dumps.…

January 5, 2019
20 second read
An introduction to file-system post-mortem forensic analysis

Computer Incident Response Center of Luxembourg has published materials used during their …

December 22, 2018
18 second read
Netflix -Windows 10 Appstore Forensics

Justin Boncaldo has written a post about forensic analysis of Netflix app. It seems the ap…

December 9, 2018
29 second read

Load More In How To

Click To Comment

Leave a Reply Cancel reply