The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.
System File Subkeys of Interest
Loading...
Avis
4.7 (19 évaluations)
- 5 stars78,94 %
- 4 stars15,78 %
- 3 stars5,26 %
RI
19 avr. 2022
Thank you to my learning instructor, I truly appreciate all the lectures. It's awesome!
MA
10 sept. 2021
A nice course by a nice instructor on a nice platform.
À partir de la leçon
System Hive File
This module will demonstrate evidence of forensic value contained within the system hive file. This module explores the system hive file showing how to determine the current control set, computer name, last shutdown date and time, crash dump settings and location, services set to run at startup, page file settings, prefetch settings, last access file time settings, AppCompat Cache, BAM (background activities monitor) and USB device connections and disconnections with dates and times.
Enseigné par
Denise Duffy
Explorer notre catalogue
Rejoignez-nous gratuitement et obtenez des recommendations, des mises à jour et des offres personnalisées.
Coursera Footer
© 2022 Coursera Inc. Tous droits réservés.
