CYBER FORENSICS - Windows Registry Forensics part 1

WINDOWS REGISTRY FORENSICS

PART I

We are talking about the Windows Registry. Sounds familiar, right? There is a good chance that when you first bought your computer, the person who came to configure it warned you never to go into the registry.
You might even have nightmares about accidentally getting into the registry, changing some settings, and your machine going completely numb.


OK, well, that's how normal people see the Windows registry.
When you open the Windows registry you will see that it is like a complete maze; you will literally be lost in there, hahaha!


But for a beginner in the field of cyber forensics, it is mandatory to know about the Windows registry.
The Windows registry is significant in cyber forensics because each and every process that goes on in the Windows system is registered in the registry. So when a crime takes place that includes the suspect's Windows system as evidence, digging through the registry alone can lead the cyber forensics investigator to the jackpot.

I will be showing you how to dig out some important details from the Windows registry, along with video tutorials. The OS I'm using is Windows 7.

My first post discusses how we can dig out details about opened documents from the registry.

Follow the steps below:


1) Open the Windows Registry
2) Go to HKEY_CURRENT_USER
3) Go to Software
4) Go to Microsoft
5) Go to Windows
6) Go to CurrentVersion
7) Go to Explorer
8) Go to RecentDocs
9) You will find every opened document listed in its hex form
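The hex data found in step 9 can be turned back into readable file names. The script below is an added example, not part of the original post: it relies on each numbered RecentDocs value starting with the file name in UTF-16LE (ended by a 16-bit zero) and on the MRUListEx value listing the value names newest first. The function names and the sample data are constructed for illustration.

```python
import struct
import sys

RECENTDOCS = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"

def decode_name(data: bytes) -> str:
    """Return the file name stored at the start of a RecentDocs value."""
    # The name is UTF-16LE and ends at the first aligned 16-bit zero;
    # the bytes after it are shell-item data and are ignored here.
    for i in range(0, len(data) - 1, 2):
        if data[i:i + 2] == b"\x00\x00":
            return data[:i].decode("utf-16-le", errors="replace")
    return data[:len(data) // 2 * 2].decode("utf-16-le", errors="replace")

def parse_mrulistex(data: bytes) -> list:
    """MRUListEx: 32-bit little-endian value names, newest first, ended by 0xFFFFFFFF."""
    order = []
    for off in range(0, len(data) - 3, 4):
        n = struct.unpack_from("<I", data, off)[0]
        if n == 0xFFFFFFFF:
            break
        order.append(n)
    return order

def recent_docs(values: dict) -> list:
    """values maps value name -> raw bytes; returns names, most recently opened first."""
    order = parse_mrulistex(values.get("MRUListEx", b""))
    return [decode_name(values[str(n)]) for n in order if str(n) in values]

def read_live() -> dict:
    """Read every value under RecentDocs from the current user's hive (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RECENTDOCS) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values in the key
        return dict(winreg.EnumValue(key, i)[:2] for i in range(count))

def make_value(name: str) -> bytes:
    # Constructed sample: name + terminator + placeholder bytes standing in for the shell item
    return name.encode("utf-16-le") + b"\x00\x00" + b"\x32\x00\x00\x00"

SAMPLE = {  # constructed data, not taken from a real system
    "0": make_value("report.docx"),
    "1": make_value("budget.xlsx"),
    "2": make_value("notes.txt"),
    "MRUListEx": struct.pack("<4I", 2, 0, 1, 0xFFFFFFFF),
}

if __name__ == "__main__":
    values = read_live() if sys.platform == "win32" else SAMPLE
    for doc in recent_docs(values):
        print(doc)
```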


 


You may find tools that can do this in one click, but always remember: doing it yourself will develop your core knowledge.

You can also watch the video tutorial for this on the WOLFPACK YouTube channel.




   
I will be posting more posts related to the WINDOWS REGISTRY.

STAY TUNED!!!!

Thank you. All your valuable queries and suggestions are welcome.
