FORENSICS ANALYSIS OF THE REGISTRY OF WINDOWS 7 “SYSTEM ANALYSIS” (System Forensics Practice, 시스템 포렌식 실습) NURHALIMATUSADIAH SYARA 10152146

The Windows Registry is the database in which the system stores its configuration, such as the settings of the system.

The computer name is available in the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
- HKEY_LOCAL_MACHINE is the hive (root key) that the keys are connected to
- SYSTEM is a key
- CurrentControlSet is a subkey
- Control is a subkey
- ComputerName is a subkey
- ComputerName (the last component) is the value that stores the data

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 and HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 (one subkey per logical processor). This information includes the processor name, its speed and the vendor identifier. From it we can learn the name of this computer's processor: Intel® Core™ i3-5005U 2.00GHz.

This key maintains a list of files recently opened or saved via the typical Windows Explorer-style common dialog boxes: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

This key maintains a list of entries (e.g. full file paths, or commands like cmd, regedit, compmgmt.msc) executed using Start > Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

IMPORTANT REGISTRY ENTRIES
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\
- HKCU\Software\Microsoft\Internet Explorer\TypedURLs\
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
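The following script is an added example, not part of the presentation: it reads the ComputerName, CentralProcessor\0 and RunMRU keys described above from a regedit export (.reg text) instead of the live registry, so it can be run against an exported hive on any analysis machine. The sample export embedded in it is constructed for the example (the computer name "LAB-PC" and the three Run entries are invented); the value names ProcessorNameString, VendorIdentifier, ~MHz and MRUList are the real ones Windows uses under those keys, and the single-letter RunMRU values carry a trailing "\1" that the code strips.

```python
"""Pull the Windows 7 registry artifacts named in the slides out of a
regedit export (.reg text).  The sample export below is constructed for
this example; the key paths are the ones the slides list."""
import re

# Constructed sample of what `regedit /e` writes for the keys in question.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName]
"ComputerName"="LAB-PC"

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0]
"ProcessorNameString"="Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz"
"VendorIdentifier"="GenuineIntel"
"~MHz"=dword:000007d0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="cmd\\1"
"b"="regedit\\1"
"c"="compmgmt.msc\\1"
"MRUList"="cba"
"""

HIVE_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# "name"=data  or  @=data (default value)
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def _parse_data(raw):
    """Decode the data side of a .reg value line (strings and dwords only)."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex:, hex(7): and other binary forms are left undecoded


def parse_reg(text):
    """Return {key_path: {value_name: data}} for a .reg export."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = "" if m.group(1) is None else _unescape(m.group(1))
            keys[current][name] = _parse_data(m.group(2))
    return keys


def _lookup(reg, path):
    # Accept the HKLM/HKCU shorthand used on the slides; registry paths are
    # case-insensitive, so compare them case-folded.
    hive, _, rest = path.partition("\\")
    full = HIVE_ALIASES.get(hive.upper(), hive) + "\\" + rest
    for key, values in reg.items():
        if key.lower() == full.lower():
            return values
    return {}


def computer_name(reg):
    # The data lives in the value named ComputerName under the ComputerName subkey.
    key = r"HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName"
    return _lookup(reg, key).get("ComputerName")


def processor_info(reg, index=0):
    key = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor" + "\\" + str(index)
    values = _lookup(reg, key)
    return {
        "name": values.get("ProcessorNameString"),
        "vendor": values.get("VendorIdentifier"),
        "mhz": values.get("~MHz"),
    }


def run_mru(reg):
    """Commands typed into Start > Run, most recent first.

    Each entry sits under a single-letter value name with a trailing "\\1";
    the MRUList value gives those letters in most-recent-first order."""
    values = _lookup(reg, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU")
    order = values.get("MRUList")
    if not isinstance(order, str):
        # No MRUList: true order is unknown, fall back to value-name order.
        order = "".join(sorted(k for k in values if len(k) == 1))
    out = []
    for letter in order:
        data = values.get(letter)
        if isinstance(data, str):  # skip letters whose value has been deleted
            out.append(data[:-2] if data.endswith("\\1") else data)
    return out


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    print("Computer name:", computer_name(reg))
    print("Processor:", processor_info(reg))
    print("Run history (newest first):", run_mru(reg))
```

Run it against a real export with `parse_reg(open("export.reg", encoding="utf-16").read())` (regedit writes UTF-16 files). The MRUList handling matters in practice: if an analyst reads the lettered values in alphabetical order they get creation order, not usage order, and a letter that is in MRUList but has no value means the entry was removed after the list was written.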

If we want to reactivate on a new machine, the relevant key is HKCU\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE

IF WE CHANGE THE NUMBER IN THE VALUE DATA, THEN WHEN WE CLOSE IT WE CAN’T OPEN IT AGAIN