
Registry Processing
The information below covers forensic processing of registry databases from Win 9x and Win NT, 2K & XP operating systems. Considerable forensic information can be obtained from this often overlooked source. Shares, mapped drives, embedded trojans, passwords (not all, but a few), user names, download locations, lists of files searched for, lists of URLs, MRU (Most Recently Used) lists, desktop settings, installed programs (even ones the user thought they uninstalled), and a whole array of other useful forensic data can be found in this database. As this information is developed and discovered, this section will grow tremendously.
1/31/02 | Determining which drives, folders, or files are shared on a network by examining registry keys.
This web site was created to provide assistance to computer forensics examiners engaging in cyber-crime investigations. This field is rapidly evolving and changing as technology marches forward. It is, therefore, intended to be a growing and evolving resource. As you conduct your examinations and investigations, if you encounter information or links, or have suggestions that would help others, please let me know so I can add them to this site. My email address is sbunting@udel.edu. Thank you.
This site created and maintained by:
Captain Stephen M. Bunting
University of Delaware Police
Phone 302-645-4334
Email: sbunting@udel.edu