The Windows Registry as a forensic artefact: Illustrating evidence collection for Internet usage
暂无分享,去创建一个
In this paper we examine the use of the Windows Registry as a source of forensic evidence in digital investigations, especially related to Internet usage. We identify the sources of the information, along with the methods used and toolsets available for such examinations, and illustrate their use for recovering evidence. We highlight issues of the forensic practise related to Registry inspections and propose ideas for further improvements of the process and the tools involved.
[1] Henning Schulzrinne,et al. An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol , 2004, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.
[2] Harlan Carvey. The Windows Registry as a forensic resource , 2005, Digit. Investig..
[3] Eoghan Casey,et al. Digital Evidence and Computer Crime , 2000 .