Utilizing the Registry for Forensics, IR, and Malware Analysis

Presented by

Andrew Case, Senior Instructor, The Hacker Academy

About this talk

Analysis of the registry greatly aids a number of investigative processes because of the amount and type of information it stores. For example, when examining user activity, the registry can reveal installed applications, recently viewed documents, login activity, browser history, removable device activity, and much more. The registry can also provide a wealth of information during malware analysis, including signs of the initial infection, changes made to the system by the malware, and evidence of the persistence mechanisms used. In this webinar we will discuss how to acquire the registry and its files from both disk and memory, followed by how to analyze the acquired files. This will involve using several tools and understanding the evidence they present to us. By the end of the webinar, attendees will understand the importance of registry forensics and will have been shown several processes, as well as free/open source tools, used to perform deep registry analysis. The knowledge gained will be immediately usable within real-world forensics investigations and will give systems administrators, managers, and IT executives insight into the power of registry forensics.
