Windows Registry Forensics by Harlan Carvey

4. Case Studies
Tracking User Activity
Information in This Chapter
This chapter discusses a great deal of the data that can be extracted from Registry hives associated with a User Profile, in order to demonstrate or illustrate indicators of patterns of activity. This information can be used by analysts to demonstrate when the user was logged into the system and to locate indicators of malware infections, intrusions, and a number of other activities.
Keywords
Registry, NTUSER.dat, USRCLASS.dat, UserAssist, MuiCache, virtualization, RecentDocs, WordWheelQuery, user
Introduction
When first I sat down to write this book, it occurred to me that this chapter … one about tracking user activity … might be the most ...
