scholarly journals Mining Windows Registry for Data Exfiltration Detection

2012 ◽  
Keyword(s):  
Windows Registry

The Windows Registry as a forensic resource

2005 ◽  
Vol 2 (3) ◽  
pp. 201-205 ◽  
Author(s):  
Harlan Carvey
Keyword(s):  
Windows Registry

Windows Essentials Before We Start

2019 ◽  
pp. 72-105
Keyword(s):  
Operating System ◽  
Virtual Machines ◽  
Security Level ◽  
Experimental Setup ◽  
Command Line ◽  
Basic Concepts ◽  
Windows Registry ◽  
System File

This chapter summarizes the basic concepts related to the most targeted and widely used Windows operating system. The chapter explains Windows architecture and authentication process along with different Windows operating system tools including Windows management instrumentation command-line (WMIC), recycle bin, msinfo32, netsh (network shell), Windows services console, Windows registry, event viewer, NBTSTAT (NetBIOS over TCP/IP Status), system file checker, group policy editor, Windows firewall, Windows task manager, MSCONFIG utility, netstat (network statistics) utility, Attrib command, diskpart utility, etc. The chapter provides details of Windows powershell, an integrated scripting environment (ISE) for executing the commands at runtime as well as for developing and testing PowerShell scripts along with net commands and netsh commands. These tools are useful for diagnosing and testing the security level or condition of existing Windows installation. The Windows virtual machines created as part of experimental setup discussed as in first chapter of this book can be used to exercise the windows commands and utilities mentioned in this chapter.

Windows Registry

1999 ◽  
pp. 200-213
Author(s):  
William J. Buchanan
Keyword(s):  
Windows Registry

Implementation of a forensic tool to examine the Windows registry

2014 ◽  
Author(s):  
Christian Leube ◽  
Knut Kröger ◽  
Reiner Creutzburg
Keyword(s):  
Windows Registry

Anti-virus software reports on Windows registry changes

2000 ◽  
Vol 2000 (6) ◽  
pp. 6
Author(s):  
Denis Zenkin
Keyword(s):  
Windows Registry

scholarly journals Investigation of Artifacts Left by BitTorrent Client on the Local Computer Operating under Windows 8.1

2015 ◽  
Vol 44 (4) ◽  
pp. 451-461 ◽  
Author(s):  
Algimantas Venčkauskas ◽  
Vacius Jusas ◽  
Kęstutis Paulikas ◽  
Jevgenijus Toldinas
Keyword(s):  
Operating System ◽  
File System ◽  
Client Application ◽  
Local Computer ◽  
Windows Registry

BitTorrent client application is a popular tool to download large files from Internet, but this application is quite frequently used for illegal purposes that are one of the types of cybercrimes. If order to fight against this type of cybercrime we carried out the research, during which we investigated the evidences left by BitTorrent client application in registry under Windows 8.1 operating system. The experiment was carried out in three steps: installation, download, and uninstallation. The snapshots of registry were taken and compared prior and after each step. Changes in Windows registry were collected and joined into tables. The experiment revealed that BitTorrent client application creates Windows registry artefacts that can contain information which might be used as evidence during an investigation. The evidence remains in the registry even after the removal of the application, although it can really prove the fact of usage of the application only. The investigation of file system can reveal the purpose and the contents of the BitTorrent client session.DOI: http://dx.doi.org/10.5755/j01.itc.44.4.13082

Sign in / Sign up

Export Citation Format

Share Document