Windows Forensics and Incident Recovery by Harlan Carvey

Hiding Data in the Registry

The Registry is yet another location for hiding data within a live file system. Data in the Registry is stored in several formats, including strings and binary data. Many types of data can be hidden within the Registry, such as text information, passwords, URLs, and binary information. Binary information can include segments of programs or even entire programs. Small programs can be hidden as a binary data type in a Registry key, or a larger program can be segmented, and those segments can be placed in separate keys.
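A defender's check for the hiding technique described above, as an added example that is not from the book: it parses a regedit text export and flags binary values that begin with a PE header or exceed a size threshold. The sample export, its key and value names, and the `min_size` threshold are constructed assumptions.

```python
import re

# Constructed sample in regedit export (.reg) format; keys and values are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"InstallPath"="C:\\Program Files\\Example"
"Flags"=dword:00000001
"Cache"=hex:4d,5a,90,00,03,00,00,00,04,00,00,00,ff,ff,00,00,\
  b8,00,00,00,00,00,00,00,40,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Part2]
"Blob"=hex:de,ad,be,ef,01,02,03,04,05,06,07,08,09,0a,0b,0c
"Small"=hex:01,00
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=hex(?:\([0-9a-fA-F]+\))?:(.*)$')

def binary_values(reg_text):
    """Yield (key, value_name, data) for every hex-encoded value."""
    # Join regedit's backslash line continuations before parsing line by line.
    text = re.sub(r'\\\r?\n\s*', '', reg_text)
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group(1).strip('"'), bytes.fromhex(m.group(2).replace(',', ''))

def suspicious_values(reg_text, min_size=4096):
    """Flag binary values that look like stored programs or program segments."""
    findings = []
    for key, name, data in binary_values(reg_text):
        if data[:2] == b'MZ':
            findings.append((key, name, len(data), 'PE header (MZ)'))
        elif len(data) >= min_size:
            # Later segments of a split program carry no header; size is the fallback.
            findings.append((key, name, len(data), 'large binary value'))
    return findings

if __name__ == '__main__':
    for finding in suspicious_values(SAMPLE_REG, min_size=16):
        print(finding)
```

Real regedit exports are UTF-16 encoded, so decode the file before passing its text in, and tune `min_size` against a baseline of the system's legitimate binary values.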

Another place to hide data in the Registry is in the time zone information[22]. Time zone information is maintained in the following key:

[22] See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/gettimezoneinformation.asp ...
