Specialized DFIR: Windows Registry Forensics
The Windows registry is a valuable source of information during a forensic investigation. This course will teach you how to investigate the registry to obtain evidence of malicious execution and persistence.
The Windows registry is a key source of information during any forensic investigation, but registry artifacts are often misunderstood. In this course, Specialized DFIR: Windows Registry Forensics, you’ll learn how to properly analyze the Windows registry to discover signs of malicious activity. First, you’ll explore where registry hives are located and how to obtain them. Next, you’ll discover how backdoors remain persistent in the registry. Finally, you’ll learn how to determine if a program was executed from registry artifacts. When you’re finished with the course, you’ll have the skills and knowledge of Windows registry analysis needed to perform forensic analysis.
Author Name: Tyler Hudak
Author Description:
Tyler Hudak has more than 15 years of extensive real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response, and penetration testing, and brings his frontl ine experience and proven techniques to bear in his training.
Table of Contents
- Course Overview
1min - Windows Registry Analysis Concepts
13mins - Access Analysis within the Registry
21mins - Execution Analysis within the Registry
9mins - Persistence in the Registry
15mins - Conclusion
7mins
There are no reviews yet.