The Windows Registry as a forensic resource


Forensic investigators may use data reduction techniques, such as comparing hashes of ‘‘known-good’’ or ‘‘known-bad’’ files to the files located on the image they’re examining, particularly when dealing with Windows systems. However, analysis of a Windows system can go much deeper than an examination of the file system alone. The Windows Registry provides a… (More)
DOI: 10.1016/j.diin.2005.07.003
View Slides


3 Figures and Tables


Citations per Year

51 Citations

Semantic Scholar estimates that this publication has 51 citations based on the available data.

See our FAQ for additional information.

Slides referencing similar topics