The Windows registry is a key source of information during any forensic investigation, but registry artifacts are often misunderstood. In this course, Specialized DFIR: Windows Registry Forensics, you’ll learn how to properly analyze the Windows registry to discover signs of malicious activity. First, you’ll explore where registry hives are located and how to obtain them. Next, you’ll discover how backdoors remain persistent in the registry. Finally, you’ll learn how to determine if a program was executed from registry artifacts. When you’re finished with the course, you’ll have the skills and knowledge of Windows registry analysis needed to perform forensic analysis.
2023-06-08