Volume Shadow Copy and Registry Forensics

Asphyxia

Owner
Administrator
Apr 25, 2015
What is covered in this PDF?
  • Volume Shadow Copy Basics
  • Shadow Copies on a Live Machine
  • Some Command Line
  • Shadow Explorer
  • Working with Disk Images
  • Some Registry Keys

Overwritten data: Values and data in keys such as typed URLs may be overwritten from one session to another

Registry Related Timeline Analysis: You may be able to determine user activity during a more extended time frame

Anti-Anti-Forensics: Technologically sophisticated users may attempt to “clean” their Registry
 

Attachments

  • HTCIA 2012 - VSC and Registry.pdf
    2.8 MB