Windows Forensics Registry
In the continually evolving Windows Forensics series, the Windows registry remains a major store of Windows-related artifacts and information. Proper knowledge of registry-based artifacts can make or break an investigation.
In this 3-day course, attendees will utilise AccessData technology while being exposed to:
- Registry hive, cell and hbin block construction
- Live registry file capture from a Windows environment
- Carving registry key information from dumped memory files
- Registry testing, analysis and reporting technology
- Registry back-ups (System Volume Information and Restore Points)
- Tracking Trojan Horse programs through a suspect registry
- Tracking file associations and class ID information
- Analyzing mounted device association (USB and other devices)
- Discovering machine compromise through registry infiltration