Thursday, September 08, 2005

The Windows Registry as a Forensic Resource

The subject article is now online at ScienceDirect. I wrote this article back in July. In the article, I walk through some of the basics of the Registry and its structure, and then get into where the investigator can look in the Registry for certain information that may help with a case.

Besides addressing autostart locations, the article also discusses Registry entries that pertain to USB removable storage devices and the key/values that contain information on wireless SSIDs that the system has connected to.

Comments are welcome and appreciated.

6 comments:

hogfly said...

Harlan,
ScienceDirect and Digital Investigation aren't available to the public. It's not a free journal so a lot of people won't be able to read your article. Is there any way you can make it available elsewhere?

Keydet89 said...

Hogfly,

Are you unable to reach the article? I don't have any kind of account to log into the ScienceDirect site...are you unable to reach it?

hogfly said...

I get this message:
The article from Digital Investigation is not included in your institution's subscription. You may be able to access this article using your institution's agreement with ScienceDirect by clicking the continue button.

I click continue, and I get this:
Error 500:

and that's it. I'll try it from a different netblock later.

hogfly said...

I had a friend try it, and it said they had to pay $30 for it.

Keydet89 said...

That's odd...I can get it from work, as well as from home, no trouble. Different browsers, flushed cache, etc...it all works fine.

I'll see what I can do to locate the article on my hard drive, and post it.

Anonymous said...

I like your blog. I also run a site about online colleges and universities. We have programs for all kinds of career paths including
forensic photo