Home How To Digging Up the Past: Windows Registry Forensics Revisited

How To

Digging Up the Past: Windows Registry Forensics Revisited

Posted on January 9, 2019

1,475

David Via from FireEye has written a very good article
focused on the following known sources of historical registry data:

Registry transaction logs (.LOG)
Transactional registry transaction logs (.TxR)
Deleted entries in registry hives
Backup system hives (REGBACK)
Hives backed up with System Restore

Related Articles
More In How To

50 Shades of Ransomware

Ransomware is still one of the most common types of malware deployed during cyberattacks. …

2 weeks ago
2 min read
Tools up: the best software and hardware tools for computer forensics

Igor Mikhailov is a digital forensic analyst of the digital forensic laboratory at Group-I…

4 weeks ago
1 min read
Following the RTM

Researchers became aware of the activities of the RTM group in December 2015. Since then, …

October 9, 2019
1 min read

Load More Related Articles

Step by Step Guide to iOS Jailbreaking and Physical Acquisition

Oleg Afonin from Elcomsoft has posted a step by step guide on how to perform jailbreaking …

May 30, 2019
18 second read
Creating a File System Image of iOS12

Apple’s iOS 12 is the latest iteration in their mobile device software. With each it…

May 28, 2019
1 min read
Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space…

May 11, 2019
24 second read

Load More In How To

Click To Comment

Leave a Reply Cancel reply