Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Chapter 9

Registry Evidence

In the previous chapter, we discussed the registry structure and some research techniques. While pursuing the latter, we showed you that there is considerable potential evidentiary data in the registry. Sometimes you already have the tools that the intruder used and can test them to determine their tracings, or footprint, on a victim system. In other cases, you won’t have that luxury, and you’ll have to begin by looking for those signs in areas where they are commonly hidden or using other shortcuts or techniques to locate them.

Every examination is somewhat different, but within a group of attackers, you can find similarities since they often use shared methodologies and tools. Despite these similarities, there will ...
