论文信息 - Initial Case Analysis Using Windows Registry in Computer Forensics

Initial Case Analysis Using Windows Registry in Computer Forensics

The Windows registry has significant information which are valuable to the forensic analyst. Especially, some information such as the timezone information, the time when the OS was installed and the system was turned off, furthermore what kinds of the storage devices were attached are necessary in the forensic analysis. Besides, the investigator must recognize them for the further investigation. In this paper, we will give details about the Windows registry and describe how to use them for the forensic analysis and the investigation.

Woosuk Kim | Kisik Chang | Gibum Kim | Kwonyoup Kim

[1] Theodore Tryfonas,et al. The Windows Registry as a forensic artefact: Illustrating evidence collection for Internet usage , 2006, Digit. Investig..

[2] Paul E. Robichaux. Managing The Windows 2000 Registry , 2000 .

[3] Chad Steel. Windows forensics : the field guide for conducting corporate computer investigations , 2006 .

[4] Lih Wern Wong,et al. Forensic Analysis of the Windows Registry , 2022 .

[5] CarveyHarlan. The Windows Registry as a forensic resource , 2005 .