Home How To Digging Up the Past: Windows Registry Forensics Revisited

How To

Digging Up the Past: Windows Registry Forensics Revisited

Posted on January 9, 2019

1,235

David Via from FireEye has written a very good article
focused on the following known sources of historical registry data:

Registry transaction logs (.LOG)
Transactional registry transaction logs (.TxR)
Deleted entries in registry hives
Backup system hives (REGBACK)
Hives backed up with System Restore

Related Articles
More In How To

Using MITRE ATT&CK for Forensics: WMI Event Subscription (T1084)

First of all, I would like to thank all of those who liked and retweeted the previous arti…

4 days ago
4 min read
The PoSh Hunter CTF

If you want to test your PowerShell skills and interested in threat hunting – the Po…

3 weeks ago
13 second read
Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis

Last week Sarah Edwards attended MacDevOpsYVR in Vancouver, Canada, and had a talk about h…

4 weeks ago
23 second read

Load More Related Articles

Step by Step Guide to iOS Jailbreaking and Physical Acquisition

Oleg Afonin from Elcomsoft has posted a step by step guide on how to perform jailbreaking …

May 30, 2019
18 second read
Creating a File System Image of iOS12

Apple’s iOS 12 is the latest iteration in their mobile device software. With each it…

May 28, 2019
1 min read
Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space…

May 11, 2019
24 second read

Load More In How To

Click To Comment

Leave a Reply Cancel reply