registry forensics

How To

Digging Up the Past: Windows Registry Forensics Revisited

David Via from FireEye has written a very good article focused on the following known sources of historical registry data: R…

News

Join our Telegram DFIR group!

Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…

Webinars

Exploring Registry Explorer

This webinar covers Registry Explorer version 1.0 including features such as searching multiple hives, transaction log repla…

White Papers

Comments on “Windows Registry Forensic Tool Specification”

Maxim Suhanov has published his comments on NIST’s “Windows Registry Forensic Tool Specification”. You can find Public…

Videos

Forensic Lunch with Maxim Suhanov

This time the “Forensic Lunch” with David Cowen meets Maxim Suhanov – digital forensics analyst, researche…

Articles

Carving Fragmented Registry Files

Yet another registry parser, or yarp, is a library and tools to deal with Windows registry files [1]. Despite the name, yarp…

Videos

Shellbag Forensics

As a continuation of the “Introduction to Windows Forensics” series, this video by Richard Davis introduces Shel…

Presentations

In-Depth Forensic Analysis of Windows Registry Files

The Windows registry is an essential source of evidence when performing a wide range of examinations. In a recent talk (Zero…

How To

Amcache and USB Device Tracking

Jason Hale has published an interesting post on how to use the amcache to track USB devices. You can find device serial numb…

Videos

Investigating Malware Using Registry Forensics

Here is Jason Hale’s talk from Louisville Infosec 2017 titled “Investigating Malware Using Registry Forensics…

Tag Archives: registry forensics

Digging Up the Past: Windows Registry Forensics Revisited

Join our Telegram DFIR group!

Exploring Registry Explorer

Comments on “Windows Registry Forensic Tool Specification”

Forensic Lunch with Maxim Suhanov

Carving Fragmented Registry Files

Shellbag Forensics

In-Depth Forensic Analysis of Windows Registry Files

Amcache and USB Device Tracking

Investigating Malware Using Registry Forensics

About Us

Popular Posts

Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection

Cloud Forensics: Analyzing MEGASync

Magnet User Summit CTF: Intrusion

Timeline

50 Shades of Ransomware

Tools up: the best software and hardware tools for computer forensics

Following the RTM

Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)

Using MITRE ATT&CK for Forensics: WMI Event Subscription (T1084)

Tag Archives: registry forensics

Follow Us

About Us

Popular Posts

Timeline

50 Shades of Ransomware

Tools up: the best software and hardware tools for computer forensics

Following the RTM

Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)

Using MITRE ATT&CK for Forensics: WMI Event Subscription (T1084)