4. Case Studies
Tracking User Activity
This chapter discusses a great deal of the data that can be extracted from Registry hives associated with a User Profile, in order to demonstrate or illustrate indicators of patterns of activity. This information can be used by analysts to demonstrate when the user was logged into the system and to locate indicators of malware infections, intrusions, and a number of other activities.
Registry, NTUSER.dat, USRCLASS.dat, UserAssist, MuiCache, virtualization, RecentDocs, WordWheelQuery, user
Select one (1) Case Study and comment on your insights and observations concerning the case. Discuss the quality of the investigation? Is there any additional information that you believe could have been captured from the registry based on the Case Study?
All responses to the main discussion question must be accompanied by a minimum of two (2) APA formatted references.600 words