论文信息 - Forensic Analysis of the Windows Registry

Forensic Analysis of the Windows Registry

Windows registry contains lots of information that are of potential evidential value or helpful in aiding forensic examiners on other aspects of forensic analysis. This paper discusses the basics of Windows XP registry and its structure, data hiding techniques in registry, and analysis on potential Windows XP registry entries that are of forensic values.

Lih Wern Wong | L. W. Wong

[1] Harlan A Carvey. Windows Forensics and Incident Recovery , 2004 .

[2] Jerry Honeycutt,et al. Microsoft Windows XP Registry Guide , 2002 .

[3] Harlan Carvey. The Windows Registry as a forensic resource , 2005, Digit. Investig..