Oct 042012

This post is on behalf of one of our students, Ms. Jacky Fox. Given below is the archive that contains her MSc dissertation and the Bash scripts she wrote to extract and correlate Windows registry artifacts. During her research she discovered that recent versions of Microsoft Windows introduced subtle changes to forensic interpretation of Windows registry keys, including UserAssist and the keys related to USB devices. Modern forensic literature and tools do not reflect these changes – hence this post.





[suffusion-the-author display='description']

  3 Responses to “Some Pitfalls of Interpreting Forensic Artifacts in Windows Registry”

  1. Thank you for sharing your observations and Learning.

  2. Thanks. a very interesting read and I look forward to playing with the bash scripts 🙂

  3. Daniel Beaulieu

    I cannot thanks enough for that article.Really thank you!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>