The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.
The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.
4.7 (19 évaluations)
RI
19 avr. 2022
Thank you to my learning instructor, I truly appreciate all the lectures. It's awesome!
MA
10 sept. 2021
A nice course by a nice instructor on a nice platform.
À partir de la leçon
NTUser.Dat Hive File Analysis
This module demonstrates an in-depth analysis of the artifacts contained within the NTUser.Dat hive file. This module will show examiners how to locate programs and applications, mounted volumes and connected devices specific to a user, user search terms and typed URLs. Examiners will also be able to locate and identify opened and saved files, typed URLs, user-specific programs set to run at startup and application installation and execution. Examiners will be able to locate, examine and interpret MRU lists (Most Recently Used), UserAssist, user system settings and recently used files.