Home How To Digging Up the Past: Windows Registry Forensics Revisited

How To

Digging Up the Past: Windows Registry Forensics Revisited

Posted on January 9, 2019

2,608

David Via from FireEye has written a very good article
focused on the following known sources of historical registry data:

Registry transaction logs (.LOG)
Transactional registry transaction logs (.TxR)
Deleted entries in registry hives
Backup system hives (REGBACK)
Hives backed up with System Restore

Related Articles
More In How To

Find out what happened during a ransomware attack on computer

Introduction The encryption pandemic has swept the world. No commercial companies or gover…

March 4, 2021
11 min read
PC3000 Portable III in Digital Forensics

Introduction Sooner or later, most forensics experts have to deal with damaged hard drives…

December 19, 2020
23 min read
How to analyze different types of devices and find connections between them

Modern digital forensics and incident response cases may involve quite different types of …

December 18, 2020
23 min read

Load More Related Articles

Step by Step Guide to iOS Jailbreaking and Physical Acquisition

Oleg Afonin from Elcomsoft has posted a step by step guide on how to perform jailbreaking …

May 30, 2019
18 second read
Creating a File System Image of iOS12

Apple’s iOS 12 is the latest iteration in their mobile device software. With each it…

May 28, 2019
1 min read
Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space…

May 11, 2019
24 second read

Load More In How To

Comments are closed.