From the course: Learning Cyber Incident Response and Digital Forensics
Analyzing the Windows registry
- [Instructor] In this lesson, we're going to take a look at our suspect system by looking through their registry. Now, this is important because the registry holds a lot of information that can be really useful during your forensic investigations. From within that registry, you can get a lot of details such as operating system information, user account information, recent documents that were accessed by the user, bookmarks and cookies from the suspect's web browser, and much more by parsing that information from within the registry. Now, you can either look at the registry by using the Windows Registry Editor if you've taken a full copy of that registry database from the system during your collection process, or you can do it from within Autopsy itself if you have a disk image from that Windows system. Now, personally, I like to use Autopsy because this lets me get a lot of those details automatically as Autopsy will go…
Contents
- Conducting forensic analysis (3m 39s)
- Analyzing memory contents (16m 16s)
- Importing evidence into Autopsy (7m 43s)
- Analyzing hidden and deleted files (8m 54s)
- Analyzing the Windows registry (9m 50s)
- Conducting log analysis (5m 17s)
- Creating your report (6m 30s)
- Other considerations (3m 45s)
- Review of the chapter quiz (7m 14s)