Suspects' data hiding at remaining registry values of uninstalled programs

@inproceedings{Kim2008SuspectsDH,
  title={Suspects' data hiding at remaining registry values of uninstalled programs},
  author={Young-Soo Kim and Sang-Su Lee and Dowon Hong},
  booktitle={e-Forensics},
  year={2008}
}
Windows registry, a central repository for configuration data, should be investigated for obtaining forensic evidences, since it contains lots of information that are of potential evidential value. Using some forensic tools, forensic examiners can investigate values of windows registry and get information can be forensic evidences. However, since windows registry contains huge amount of values and these values can be modified by users, suspect can hide his secret like password in registry… CONTINUE READING