Recovering deleted data from the Windows registry
نویسندگان
چکیده
منابع مشابه
Correlating Orphaned Windows Registry Data Structures
Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this ...
متن کاملAn Integrated Approach to Recovering Deleted Files from NAND Flash Data
Conventional techniques for recovering deleted files often prove useless in recovering files in general and video files in particular, from downloads of the raw memory data from mobile telephones (containing NAND flash memory). Several factors that are relied upon conventionally do not occur in mobile telephones. This paper presents an approach for recovering deleted files in general and video ...
متن کاملRecovering Information from Summary Data
We formulate this task as an inverse problem, specifying a well-defined cost function that has to be optimized under constraints. We show that our formulation includes the uniformity and independence assumptions as a special case, and that it can achieve better reconstruction results if we maximize the smoothness as opposed to the uniformity. In our experiments on real and synthetic datasets, t...
متن کاملForensic Analysis of the Windows 7 Registry
The recovery of digital evidence of crimes from storage media is an increasingly time consuming process as the capacity of the storage media is in a state of constant growth. It is also a difficult and complex task for the forensic investigator to analyse all of the locations in the storage media. These two factors, when combined, may result in a delay in bringing a case to court. The concept o...
متن کاملA Forensic Analysis of the Windows Registry
This paper will introduce the Microsoft Windows Registry database and explain how critically important a registry examination is to computer forensics experts. In essence, the paper will discuss various types of Registry footprints and delve into examples of what crucial information can be obtained by performing an efficient and effective forensic examination. Many of the Registry keys that a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Digital Investigation
سال: 2008
ISSN: 1742-2876
DOI: 10.1016/j.diin.2008.05.002