5 User Profiling Using the Windows Registry

In this chapter, we will be using the knowledge of the Windows Registry from the previous chapter to profile user activity.

As forensic examiners, we face cases in which we need to investigate user activity and profile it based on available evidence. In this chapter, we will learn more about initiating investigations and gathering information related to users by diving into the Windows Registry.

We will cover the following main topics in this chapter:

Profiling system details
Profiling user activities

We will conclude the chapter with a short section of exercises.

Profiling system details

Forensic profiling refers to the process of identifying and analyzing information that can help to create a detailed ...

Get Windows Forensics Analyst Field Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Forensics Analyst Field Guide by Muhiballah Mohammed

5

User Profiling Using the Windows Registry

Profiling system details

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly