• DocumentCode
    2714296
  • Title

    Initial Case Analysis Using Windows Registry in Computer Forensics

  • Author

    Chang, Kisik ; Kim, Gibum ; Kim, Kwonyoup ; Kim, Woosuk

  • Author_Institution
    Korean Nat. Police Agency, Seoul
  • Volume
    1
  • fYear
    2007
  • fDate
    6-8 Dec. 2007
  • Firstpage
    564
  • Lastpage
    569
  • Abstract
    The Windows registry holds significant information that is valuable to the forensic analyst. In particular, information such as the timezone information, the time when the OS was installed and when the system was turned off, and what kinds of storage devices were attached is necessary in forensic analysis. The investigator must also recognize this information for further investigation. In this paper, we give details about the Windows registry and describe how to use it for forensic analysis and investigation.
  • Keywords
    operating systems (computers); security of data; computer forensics; initial case analysis; windows registry; Databases; Documentation; Forensics; Information analysis; Layout; Operating systems; Performance analysis; Qualifications; Research and development; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Future Generation Communication and Networking (FGCN 2007)
  • Conference_Location
    Jeju
  • Print_ISBN
    0-7695-3048-6
  • Type

    conf

  • DOI
    10.1109/FGCN.2007.151
  • Filename
    4426183