Training
Windows Registry Forensic Analysis

Training Overview
The "Windows Registry Forensic Analysis" training comprehensively teaches how to analyze the Windows Registry in forensic investigations and extract digital evidence from it. It covers the fundamental structure and function of the Registry and introduces the tools and techniques used to collect and analyze digital evidence.
What You Will Learn
- The structure of the Windows Registry and the role of hives.
- How to use tools like Registry Explorer and RegRipper for analysis.
- How to find evidence of program execution, user activity, and persistence mechanisms.
- How to analyze artifacts like UserAssist keys.
Who is this for?
- Digital Forensic Investigators.
- Incident Responders.
- Malware Analysts.
Prerequisites
- A solid understanding of the Windows operating system.
- Prior experience with forensic principles is recommended.
Tools You Will Use
- KAPE
- FTK Imager
- Registry Explorer
- RegRipper
Training Sections
- Introduction
- KAPE
- FTK
- Registry Explorer
- UserAssist
- RegRipper
- Exam