Examining the Windows Registry and Property List

You must use at least 5 references, all from published, reliable literature (i.e., don’t use sites like Wikipedia as your source). You may, of course, have more than 5 references but at least 5 need to use published peer-reviewed literature

Question: What information is of forensic value in the Window Registry and Property List?

Outline:

  1. Importance of Windows Registry and .plist as evidence
  2. Gold mine for forensic evidence
  3. Registries are modifiable
  4. Malware found
  5. User activity used to map out recent activities
  6.   timestamps
  7. Store’s configuration settings
  8.        Common issues
  9. Missing Data
  10. Extracting Data
  11. No knowledge about structure

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>