Digging Up the Past: Windows Registry Forensics Revisited
David Via from FireEye has written a very good article focused on the following known sources of historical registry data: R…
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
This webinar covers Registry Explorer version 1.0 including features such as searching multiple hives, transaction log repla…
Maxim Suhanov has published his comments on NIST’s “Windows Registry Forensic Tool Specification”. You can find…
This time the “Forensic Lunch” with David Cowen meets Maxim Suhanov – digital forensics analyst, researche…
Yet another registry parser, or yarp, is a library and tools to deal with Windows registry files [1]. Despite the name, yarp…
As a continuation of the “Introduction to Windows Forensics” series, this video by Richard Davis introduces Shel…
The Windows registry is an essential source of evidence when performing a wide range of examinations. In a recent talk (Zero…
Jason Hale has published an interesting post on how to use the amcache to track USB devices. You can find device serial…
Here is Jason Hale’s talk from Louisville Infosec 2017 titled “Investigating Malware Using Registry Forensi…