Windows Registry Forensics-Case Study

 

4. Case Studies

Tracking User Activity

Information in This Chapter
Tracking User Activity
Scenarios

This chapter discusses a great deal of the data that can be extracted from Registry hives associated with a User Profile, in order to demonstrate or illustrate indicators of patterns of activity. This information can be used by analysts to demonstrate when the user was logged into the system and to locate indicators of malware infections, intrusions, and a number of other activities.
Keywords
Registry, NTUSER.dat, USRCLASS.dat, UserAssist, MuiCache, virtualization, RecentDocs, WordWheelQuery, user

 

Select one (1) Case Study and comment on your insights and observations concerning the case. Discuss the quality of the investigation? Is there any additional information that you believe could have been captured from the registry based on the Case Study? 

All responses to the main discussion question must be accompanied by a minimum of two (2) APA formatted references.600 words

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *