
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Performing Registry Research

In Chapter 6, “Analyzing the Computer,” we used Procmon.exe as a tool to examine the writes made to the registry by the installation of malware or bad code in order to see its impact on the host system. This same tool, Procmon.exe, can be used in a similar manner to see where and how various system settings are stored in the registry.

Although there are countless possible examples, the basic methodology is the same regardless of which one you choose. In essence, we will run Procmon, start capturing data, make a system setting change, stop the capture, and examine the writes made to the registry. Naturally, we’ll carry out this process in a known, controlled environment.
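As an added example (not the book's own code), the capture-change-examine loop described above scripted around Procmon's documented command-line switches. The switch names (/AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog, /SaveAs) come from the Sysinternals documentation; the working-directory and file names are placeholders, and the script assumes Procmon.exe is on PATH in a controlled lab machine.

```powershell
# Added example (not from the book): drive one Procmon capture of a single
# setting change from PowerShell and pull out the registry writes afterwards.
# Assumptions: Procmon.exe is on PATH; switch names are as documented by
# Sysinternals; file names below are placeholders chosen for this example.
$work = Join-Path $env:TEMP 'regresearch'
New-Item -ItemType Directory -Force -Path $work | Out-Null
$pml = Join-Path $work 'capture.pml'
$csv = Join-Path $work 'capture.csv'

# 1. Start capturing to a backing file, minimized, with no EULA or prompts.
Start-Process Procmon.exe -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$pml`""
Start-Sleep -Seconds 5   # give the driver time to load before the change is made

# 2. Make the setting change by hand in the controlled environment, then resume.
Read-Host 'Change the system setting under study, then press Enter'

# 3. Stop the capture and convert the log to CSV so it can be filtered here.
Start-Process Procmon.exe -ArgumentList '/Terminate' -Wait
Start-Process Procmon.exe -ArgumentList "/OpenLog `"$pml`" /SaveAs `"$csv`"" -Wait

# 4. Keep only successful registry writes; these show where the setting lives.
$writeOps = 'RegSetValue', 'RegCreateKey', 'RegDeleteValue', 'RegDeleteKey'
$writes = Import-Csv $csv |
    Where-Object { $_.Operation -in $writeOps -and $_.Result -eq 'SUCCESS' }

# 5. Collapse repeated writes to one path into a single row, most-written first,
#    and note which process performed them (settings dialogs and services differ).
$writes | Group-Object Path | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Processes'; e = { ($_.Group.'Process Name' | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize
```

Paths that appear only in this capture, and not in a baseline capture taken without making the change, are the candidates for the setting's storage location.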

Using this methodology, you ...
