DocumentCode :
2714296
Title :
Initial Case Analysis Using Windows Registry in Computer Forensics
Author :
Chang, Kisik ; Kim, Gibum ; Kim, Kwonyoup ; Kim, Woosuk
Author_Institution :
Korean Nat. Police Agency, Seoul
Volume :
1
fYear :
2007
fDate :
6-8 Dec. 2007
Firstpage :
564
Lastpage :
569
Abstract :
The Windows registry has significant information which are valuable to the forensic analyst. Especially, some information such as the timezone information, the time when the OS was installed and the system was turned off, furthermore what kinds of the storage devices were attached are necessary in the forensic analysis. Besides, the investigator must recognize them for the further investigation. In this paper, we will give details about the Windows registry and describe how to use them for the forensic analysis and the investigation.
Keywords :
operating systems (computers); security of data; computer forensics; initial case analysis; windows registry; Databases; Documentation; Forensics; Information analysis; Layout; Operating systems; Performance analysis; Qualifications; Research and development; Testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Future Generation Communication and Networking (FGCN 2007)
Conference_Location :
Jeju
Print_ISBN :
0-7695-3048-6
Type :
conf
DOI :
10.1109/FGCN.2007.151
Filename :
4426183
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2714296
بازگشت