
Digging Up the Past: Windows Registry Forensics Revisited


David Via from FireEye has written a very good article focused on the following known sources of historical registry data:

  • Registry transaction logs (.LOG)
  • Transactional registry transaction logs (.TxR)
  • Deleted entries in registry hives
  • Backup system hives (REGBACK)
  • Hives backed up with System Restore