Home How To Digging Up the Past: Windows Registry Forensics Revisited

How To

Digging Up the Past: Windows Registry Forensics Revisited

Posted on 1 week ago

446

David Via from FireEye has written a very good article
focused on the following known sources of historical registry data:

Registry transaction logs (.LOG)
Transactional registry transaction logs (.TxR)
Deleted entries in registry hives
Backup system hives (REGBACK)
Hives backed up with System Restore

Related Articles
More In How To

volatility-wnf: Browse and dump Windows Notification Facilities

This Volatility plugin is based on work of Alex Ionescu and Gabrielle Viala. https://blog.…

13 hours ago
42 second read
Learning Android Forensics, 2nd Edition has been released

The 2nd edition of Learning Android Forensics by Oleg Skulkin, Donnie Tindal and Rohit Tam…

2 days ago
2 min read
yara_tools: Create YARA Rules In Python

Michael Matonis has written a library that helps security researchers create simple or com…

3 days ago
20 second read

Load More Related Articles

Extracting Activity History from PowerShell Process Dumps

Lee Holmes has posted about how to extract activity history from PowerShell process dumps.…

2 weeks ago
20 second read
An introduction to file-system post-mortem forensic analysis

Computer Incident Response Center of Luxembourg has published materials used during their …

4 weeks ago
18 second read
Netflix -Windows 10 Appstore Forensics

Justin Boncaldo has written a post about forensic analysis of Netflix app. It seems the ap…

December 9, 2018
29 second read

Load More In How To

Click To Comment

Leave a Reply Cancel reply