Specialized DFIR course: Windows Registry Forensics. The Windows Registry is a key source of information during forensic investigations, but this source is often misunderstood. In this course, Specialized DFIR: Windows Registry Forensics, you’ll learn how to properly analyze the Windows registry to uncover signs of malicious and illegal activity. First, you’ll find out where the registry is located and how to get them. Next, you will see how backdoors remain hidden in the registry. Finally, you’ll learn how to determine whether a program has been run from registry artifacts. After completing the course, you will learn the skills and knowledge of Windows registry analysis required to perform forensic analysis.
In forensic investigations, the Windows registry is recognized as a critical source of information, but it is often challenging to understand properly. This specialized course teaches you how to accurately analyze the Windows registry and use it to uncover evidence of malicious and illegal activity.
- Locating and extracting the registry: In this section, you will learn about the storage location of the registry and the appropriate methods for extracting it.
- Hiding Backdoors in the Registry: This section examines the various methods attackers use to hide backdoors in the registry and maintain continuous access to the system.
- Detecting program execution through the registry: In this section, you’ll learn how to determine whether a specific program has been executed by analyzing registry artifacts.