Along with the increasing use of computers and the internet comes a little problem called computer crime, facetiously speaking. It is much more common to send or receive an email than a physical letter. Today’s society relies heavily on computers and the internet to accomplish everyday tasks, which include practically everything from communicating and shopping online to banking and investing.

Introduction

The Importance of a Registry Examination

Searches were conducted and files were downloaded from these networks, not to engage in illegal or malicious activity, but to help provide a better understanding of the software’s architecture and how it utilizes the Windows Registry from a forensics standpoint. The P2P client programs that were downloaded, installed, used, and examined were for research purposes only. All of the screenshot images contained in this paper were captured from the Windows XP system on which the research was conducted. The illustrations throughout this paper are intended to provide a better understanding of the subject being discussed.

Windows XP is still very current and much of the same information can still be applied to previous versions of Windows. XP was chosen to be discussed over other versions of Windows because it remains popular and very widely used among average computer users, thus the chance of encountering it in a forensic examination is higher. For the sake of simplicity, there will only be reference to the Windows XP operating system, even though earlier versions of Windows utilize the Registry, contain similar characteristics, and even apply many of the same concepts.

This paper is primarily a product of research, but may also serve as a reference for a Windows Registry examination. Many of the Registry keys that are imperative and relevant to an examination will also be discussed. In essence, the paper will discuss various types of Registry ‘footprints’ and delve into examples of what crucial information can be obtained by performing an efficient and effective forensic examination.

Abstract

This paper will introduce the Microsoft Windows Registry database and explain how critically important a registry examination is to computer forensics experts.