Responses
Windows Registry
A critical component of the Windows operating system is the Windows Registry, which stores the configuration of the system. The Registry also retains historical information about the user (Carvey, 2016), so its contents resemble those of log files. Among the things the Registry records are user profiles and user activity, the applications that have been installed, the applications that have been opened, the applications currently active, and so on. Information in the Windows Registry that is useful to a digital forensic analyst includes:
A record of the applications opened by the user.
A record of the access control applied to the user.
A record of the wired and wireless network connections established by the user.
A record of the activities performed by the user.
This information can clearly establish the activities of a suspect in a forensic case and helps law enforcement gather the evidence that proves guilt.
Registry Analysis
Registry analysis is carried out after an image of the system has been acquired, and it is one of the first steps in examining the Windows Registry. It gives the investigator scope to dig into the hive files of the Registry. Registry keys are the means of looking into the contents of the Registry (Carvey, 2016). The activities carried out in a Windows Registry analysis are:
Extracting the specific keys that give access to the hive files.
Retrieving data from the hive files.
With these two steps the scope of the analysis can be extended.
Correlating the data collected from the hives with the existing case.
Registry keys help analysts understand the activity that applications have registered. File access times are recorded, and they are extracted from registry key values.
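The list above mentions a record of the applications opened by the user, and this paragraph notes that execution and access times are recovered from registry key values. The following script is an added example, not code from Carvey (2016) or from this response, showing one way such values are decoded during hive analysis. It assumes the UserAssist key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist) in the value layout used since Windows 7: ROT13-encoded program paths as value names, with the run count at byte offset 4 and the last-execution time as a 64-bit FILETIME at offset 60 of each 72-byte value. The registry values are constructed inline so the script runs offline; on a real case the same functions would be fed values read from an NTUSER.DAT hive extracted from the image.

```python
"""Decode UserAssist registry values into an application-execution timeline.

Added example (not from the cited text). Assumes the UserAssist value
layout used since Windows 7: value names are ROT13-encoded program
paths, and each 72-byte binary value stores the run count at offset 4
and the last-execution time as a 64-bit FILETIME at offset 60. All
sample values below are constructed, not taken from a real system.
"""
import codecs
import struct
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
USERASSIST_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist"


def filetime_to_datetime(ft):
    """Convert a Windows FILETIME to a timezone-aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime; used here only to build sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def decode_userassist(value_name, raw):
    """Return (program, run_count, last_run) for one UserAssist value.

    last_run is None when the stored FILETIME is zero, which is how the
    key records an entry that exists but has never been executed.
    """
    if len(raw) < 68:
        raise ValueError(f"unexpected UserAssist value length {len(raw)} (expected 72)")
    program = codecs.decode(value_name, "rot_13")      # value names are ROT13-obfuscated
    run_count = struct.unpack_from("<I", raw, 4)[0]    # little-endian uint32 at offset 4
    ft = struct.unpack_from("<Q", raw, 60)[0]          # little-endian FILETIME at offset 60
    last_run = filetime_to_datetime(ft) if ft else None
    return program, run_count, last_run


def build_timeline(values):
    """Decode (name, raw) pairs and order them newest first; never-run entries last."""
    decoded = [decode_userassist(name, raw) for name, raw in values]
    executed = [e for e in decoded if e[2] is not None]
    never_run = [e for e in decoded if e[2] is None]
    return sorted(executed, key=lambda e: e[2], reverse=True) + never_run


def _sample_value(run_count, last_run):
    """Build a 72-byte value in the Windows 7+ layout (constructed sample data)."""
    ft = datetime_to_filetime(last_run) if last_run else 0
    # session id, run count, focus count, 48 bytes of fields we do not use,
    # FILETIME of last execution, 4 trailing bytes.
    return (struct.pack("<III", 0, run_count, 0) + b"\x00" * 48
            + struct.pack("<Q", ft) + b"\x00" * 4)


# Constructed sample: what three values under the UserAssist count subkey might look like.
SAMPLE_VALUES = [
    (codecs.encode(r"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe", "rot_13"),
     _sample_value(5, datetime(2023, 5, 1, 12, 0, tzinfo=timezone.utc))),
    (codecs.encode(r"C:\Tools\hexedit.exe", "rot_13"),
     _sample_value(2, datetime(2023, 5, 2, 9, 30, tzinfo=timezone.utc))),
    (codecs.encode(r"C:\Users\analyst\never_run.exe", "rot_13"),
     _sample_value(0, None)),
]


if __name__ == "__main__":
    print(f"Source key: {USERASSIST_KEY}")
    for program, count, last in build_timeline(SAMPLE_VALUES):
        when = last.isoformat() if last else "never"
        print(f"{when:>25}  runs={count:<3} {program}")
```

The timeline produced by build_timeline is the piece that gets correlated with the rest of the case: each last-execution timestamp can be lined up against file system times, event logs and the timestamps of other hives. Windows XP used a shorter 16-byte UserAssist value layout, which is why the decoder rejects values that are too short rather than silently reading past the end.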
References
Carvey, H. A. (2016). Windows registry forensics: Advanced digital forensic analysis of the Windows registry. Amsterdam: Syngress.