Home How To Digging Up the Past: Windows Registry Forensics Revisited

How To

Digging Up the Past: Windows Registry Forensics Revisited

Posted on January 9, 2019

1,704

David Via from FireEye has written a very good article
focused on the following known sources of historical registry data:

Registry transaction logs (.LOG)
Transactional registry transaction logs (.TxR)
Deleted entries in registry hives
Backup system hives (REGBACK)
Hives backed up with System Restore

Related Articles
More In How To

Looking at Microsoft Teams from a DFIR Perspective

David Cowen’s Sunday Funday is back, so why not to take part in this fun? Last Sunda…

April 16, 2020
6 min read
SQM: New Evidence of Execution Source?

Forensicating one of compromised hosts during our recent incident response activities we h…

March 27, 2020
2 min read
50 Shades of Ransomware

Ransomware is still one of the most common types of malware deployed during cyberattacks. …

October 27, 2019
2 min read

Load More Related Articles

Step by Step Guide to iOS Jailbreaking and Physical Acquisition

Oleg Afonin from Elcomsoft has posted a step by step guide on how to perform jailbreaking …

May 30, 2019
18 second read
Creating a File System Image of iOS12

Apple’s iOS 12 is the latest iteration in their mobile device software. With each it…

May 28, 2019
1 min read
Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space…

May 11, 2019
24 second read

Load More In How To

Comments are closed.