Case Studies: Tracking User Activity

This chapter discusses much of the data that can be extracted from the Registry hives associated with a user profile to illustrate indicators of patterns of activity. Analysts can use this information to demonstrate when the user was logged into the system and to locate indicators of malware infections, intrusions, and a number of other activities.
