- In this video, we'll cover accessing the registry, a comprehensive repository of everything in a Windows system. The registry is broken down into five hives. First, there's the HKEY_CLASSES_ROOT hive. This one stores drag-and-drop rules, program shortcuts, and user interface information. There's also the HKEY_CURRENT_USER hive. This stores information about the currently logged-on user. This particular hive can be very useful for a forensic investigator.
Next, we have the HKEY_LOCAL_MACHINE. This contains settings common to the entire machine, not just one specific user. We also have HKEY_USERS. This has profiles for all users, including their preferences. This particular hive can also be very valuable for forensics. Finally, there is the HKEY_CURRENT_CONFIG. This hive has the current system configuration. Now let's access the registry in Windows. Before we begin, I do need to caution you.
Messing with the Windows registry can have extremely negative effects, so you don't want to take any actions unless you really know what you're doing.
Released 12/16/2015
This course covers the basics of computer forensics and cyber crime investigation. Author Sandra Toner provides an overview of forensic science, and discusses best practices in the field and the frameworks professionals use to conduct investigations. Then, after showing how to set up a simple lab, Sandra describes how to respond to a cyber incident without disturbing the crime scene. She dives deep into evidence collection and recovery, explaining the differences between collecting evidence from Windows, Mac, and Linux machines. The course wraps up with a look at some of the more commonly used computer forensics software tools.
- Applying science to digital investigations
- Understanding forensic frameworks
- Defining cyber crime: harassment, hacking, and identity theft
- Setting up a forensic lab
- Responding to cyber incidents
- Collecting and recovering evidence
- Examining networks for evidence
- Applying forensics to Windows, Mac, and Linux
- Working with forensics tools
Skill Level Beginner
Introduction
- Welcome (33s)

1. Understanding Forensic Science
- Identifying digital evidence (2m 20s)

2. Defining Cyber Crime
- Classifying cyber crime (1m 52s)
- Defining identity theft (3m 35s)
- Examining cyber harassment (4m 28s)

3. Setting Up a Forensic Lab
- Building a knowledgebase (2m 43s)
- Working with evidence (1m 28s)
- Equipping the lab (1m 23s)
- Selecting forensic software (2m 50s)

4. Responding to a Cyber Incident
- Discovering an incident (2m 59s)
- Preserving evidence (2m 9s)
- Reporting cyber incidents (4m 28s)

5. Collecting Evidence
- Following protocol (2m 25s)
- Storing evidence (2m 28s)
- Imaging evidence (1m 59s)

6. Recovering Evidence
- Finding hidden data (4m 44s)
- Resurrecting data (2m 36s)
- Working with damaged media (2m 39s)
- Viewing browser history (2m 11s)

7. Network-Based Evidence
- Checking out firewall logs (1m 17s)
- Detecting network intrusion (2m 10s)
- Examining router evidence (1m 42s)

8. Windows Forensics
- Finding Windows directories (1m 54s)

9. Macintosh Forensics
- Applying forensics to a Mac (3m 17s)
- Checking out Mac logs (2m 2s)
- Finding Mac directories (1m 40s)

10. Linux Forensics
- Checking out Linux log files (3m 40s)
- Finding Linux directories (2m 28s)

11. Forensic Tools

Conclusion
Video: Locating evidence from the Windows Registry