The Windows Registry as a forensic resource

Abstract

Forensic investigators may use data reduction techniques, such as comparing hashes of ‘‘known-good’’ or ‘‘known-bad’’ files to the files located on the image they’re examining, particularly when dealing with Windows systems. However, analysis of a Windows system can go much deeper than an examination of the file system alone. The Windows Registry provides a… (More)
DOI: 10.1016/j.diin.2005.07.003
View Slides

Topics

3 Figures and Tables

Statistics

0510'06'07'08'09'10'11'12'13'14'15'16'17'18
Citations per Year

51 Citations

Semantic Scholar estimates that this publication has 51 citations based on the available data.

See our FAQ for additional information.

Slides referencing similar topics