A Consistency Study of the Windows Registry
نویسندگان
چکیده
This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several consistency checking models are presented to verify events derived from registry artifacts. Examples of these models are used to demonstrate how evidence of alteration may be detected.
منابع مشابه
Forensic Analysis of Windows Registry against Intrusion
Windows Registry forensics is an important branch of computer and network forensics. Windows Registry is often considered as the heart of Windows Operating Systems because it contains all of the configuration setting of specific users, groups, hardware, software, and networks. Therefore, Windows Registry can be viewed as a gold mine of forensic evidences which could be used in courts. This pape...
متن کاملOptimizing Disparity Candidates Space in Dense Stereo Matching
In this paper, a new approach for optimizing disparity candidates space is proposed for the solution of dense stereo matching problem. The main objectives of this approachare the reduction of average number of disparity candidates per pixel with low computational cost and high assurance of retaining the correct answer. These can be realized due to the effective use of multiple radial windows, i...
متن کاملSuspects’ data hiding at remaining registry values of uninstalled programs1
Windows registry, a central repository for configuration data, should be investigated for obtaining forensic evidences, since it contains lots of information that are of potential evidential value. Using some forensic tools, forensic examiners can investigate values of windows registry and get information can be forensic evidences. However, since windows registry contains huge amount of values ...
متن کاملA Forensic Analysis of the Windows Registry
This paper will introduce the Microsoft Windows Registry database and explain how critically important a registry examination is to computer forensics experts. In essence, the paper will discuss various types of Registry footprints and delve into examples of what crucial information can be obtained by performing an efficient and effective forensic examination. Many of the Registry keys that a...
متن کاملWindows Registry Forensics: An Imperative Step in Tracking Data Theft via USB Devices
Owing to the increasing pace of occurrence of crimes in digital world, cyber forensic investigation is becoming a burning topic in the field of information security. Registry is an important location in Windows system that contains footprints of user activities and other configuration data, which may be valuable for forensic investigators in collecting potential evidences from the system. This ...
متن کامل