O'Reilly logo

Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Investigating User Activity

The user’s NTUSER.DAT file is loaded with data indicative of the user’s preferences and activity. Just as the SOFTWARE hive file listed software installed on the computer, the Software key of the NTUSER.DAT file contains keys for software installed on the computer. Just as those keys in the local machine SOFTWARE hive file contain entries for software long since deleted, the user’s Software key likewise contains entries of installed software. In addition, the user’s Software key contains data specific to the user. This data can be in the form of searches, usernames, passwords, commands, programs run, or strings entered, and the list goes on. We’ll cover some of the more common and significant data that is specific ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required