Windows registry forensics

Brief explanation of Windows Registry and Important Registry Keys for Forensic Investigations


  1. Taha İslam YILMAZ, Computer Engineering, TOBB ETU. ADEO IWS - Computer Forensics. WINDOWS REGISTRY
  2. Windows Registry
     • Understanding what the registry is and what it does
     • How the Windows registry is built up and what files are used
     • A few important keys for forensics in the registry
     • Demo
  3. Windows Registry
     • Central database of Windows
     • The database contains most of the settings for Windows, programs, hardware and users.
     • Examples: the profiles for each user, the applications installed on the computer, what hardware exists on the system and the last shutdown time of the computer.
  4. Windows Registry
     • C:\Windows\System32\config
  5. Windows Registry
     • HKCR - Contains information about which program opens when a file is executed with Windows Explorer.
     • HKCU - Contains the profile of the user that is logged on.
     • HKLM - Contains system-wide hardware settings and configuration information.
  6. Windows Registry
     • HKU - Contains all user profiles that exist on the system. Also contains information about the type of hardware installed, default software settings and desktop configurations. This information is used for all users who log on to this computer.
     • HKCC - Contains information about the hardware profile used by the computer at startup.
  7. Windows Registry
  8. Windows Registry. Important information can be recovered for forensic cases:
     • System Configuration
     • Devices on the System
     • User Names
     • Web Browsing Activity
     • Recent Files
  9. Windows Registry. Reports are created with regripper_2.02
     • System Configuration
     • Hive: SYSTEM
  10. Windows Registry. Reports are created with regripper_2.02
     • Devices on the System
     • Hive: SYSTEM
  11. Windows Registry. Reports are created with regripper_2.02
     • User Names
     • Hive: SAM
  12. Windows Registry. Reports are created with regripper_2.02
     • Web Browsing Activity
     • Hive: NTUSER.DAT
  13. Windows Registry. Reports are created with regripper_2.02
     • Recent Files
     • Hive: NTUSER.DAT
  14. Windows Registry. DEMO: A few important keys for forensics in the registry
  15. Thank you for listening to me!
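
The hives named on the slides (SYSTEM, SAM, NTUSER.DAT) are files in the "regf" format, and a first triage step before running a reporting tool is to validate the hive's 512-byte base block. The following is an added example, not part of the original slides or of RegRipper: the field offsets come from the publicly documented regf layout rather than from the deck, and the sample header is constructed inline.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 512  # the checksum at offset 508 covers the first 508 bytes

def xor32(buf: bytes) -> int:
    """XOR the first 508 bytes as little-endian DWORDs (base block checksum)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", buf[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1  # a computed 0 is stored as 1

def filetime_to_utc(ft: int) -> datetime:
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_base_block(buf: bytes) -> dict:
    if len(buf) < HEADER_SIZE or buf[:4] != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    seq1, seq2, ft, major, minor = struct.unpack_from("<IIQII", buf, 4)
    root_offset, bins_size = struct.unpack_from("<II", buf, 36)
    name = buf[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    (stored,) = struct.unpack_from("<I", buf, 508)
    return {
        "name": name,
        "version": f"{major}.{minor}",
        "last_written": filetime_to_utc(ft),
        "root_cell_offset": root_offset,
        "hive_bins_size": bins_size,
        "dirty": seq1 != seq2,  # unequal sequence numbers: check transaction logs
        "checksum_ok": stored == xor32(buf),
    }

def build_sample(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed header for demonstration, not taken from a real system."""
    hdr = bytearray(HEADER_SIZE)
    ft = 132444736000000000  # 2020-09-13 12:26:40 UTC
    struct.pack_into("<4sIIQIIIIII", hdr, 0, b"regf", seq1, seq2, ft,
                     1, 5, 0, 1, 0x20, 0x1000)
    name = "SYSTEM".encode("utf-16-le")
    hdr[48:48 + len(name)] = name
    struct.pack_into("<I", hdr, 508, xor32(hdr))
    return bytes(hdr)

if __name__ == "__main__":
    for key, value in parse_base_block(build_sample()).items():
        print(f"{key:17} {value}")
```

A hive that reports `dirty` or fails the checksum should be examined together with its transaction log files before its contents are treated as complete.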
