ISSC456_Lab1_Greco_Austin
School: American Public University
Course: 456
Subject: Information Systems
Date: Dec 6, 2023
Type: doc
Pages: 1
Uploaded by CaptainIceCamel23
Lab #1
Austin Greco
Hardware/Software Setup Required
Windows computer
Access to cmd.exe and regedit32.exe
Problem Description
Examine a Windows Registry to view keys, subkeys, and values
Estimated completion time: 60 minutes
Outcome
Prepare a one-paragraph summary detailing how the information contained in the Windows
Registry might be useful in a forensic investigation
Validation/Evaluation
Open a command line window on a Windows computer
At the prompt, type “regedit32” and press enter to open the Windows Registry
Explore the Registry keys, subkeys, and values taking note of the type of information
contained in each
Prepare a one-paragraph summary detailing how the information contained in the
Windows Registry might be useful in a forensic investigation
Summary
The Windows Registry is extremely important to forensic investigations, as its contents
can show information on a user account's activity, any typed URLs, the
software and hardware contained on the system, and even any command lines that have
been executed. One key example found in regedit32 on my system is the exact date
and time that a malware scan was last run by the Malwarebytes software. Information
such as a last-run malware scan can point investigators towards a possible reason that any
issues occurred on the system. Furthermore, discovering URL visits or software downloaded
and opened from the internet could be some of the most valuable information for
investigators when dealing with cybercrime. By gaining this information, investigators can
identify the honeypot or infected websites that caused the contraction of any malicious
content, which can solve a cybercrime instantly. Forensic investigators could also find any
connected devices, such as a USB drive, by looking at the SYSTEM\MountedDevices area. This
revealed the external hard drive on my own system without any extra permissions being
needed to access such useful information. Forensic investigators should always check the
registry when attempting to solve any crime, as there is a plethora of useful information
and sometimes even hidden information that cannot be found without the registry.
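The MountedDevices observation above can be taken one step further by decoding the binary data behind each value. The following is an added example, not part of the original lab: it assumes the commonly observed layouts of MountedDevices value data (12-byte MBR record, "DMIO:ID:" plus GUID for GPT, UTF-16LE device path for removable media), and the function names and sample values are constructed for illustration.

```python
import struct
import uuid

def decode_mounted_device(name, data):
    """Classify the raw REG_BINARY data of one MountedDevices value."""
    # GPT partition: ASCII tag "DMIO:ID:" followed by the 16-byte partition GUID.
    if len(data) == 24 and data.startswith(b"DMIO:ID:"):
        return {"name": name, "kind": "gpt_partition",
                "guid": str(uuid.UUID(bytes_le=data[8:]))}
    # MBR partition: 4-byte disk signature, then 8-byte partition offset in bytes.
    if len(data) == 12:
        signature, offset = struct.unpack("<IQ", data)
        return {"name": name, "kind": "mbr_partition",
                "disk_signature": f"{signature:08X}", "offset": offset}
    # Removable media and similar: UTF-16LE device path, fields separated by '#'.
    try:
        path = data.decode("utf-16-le")
    except UnicodeDecodeError:
        path = ""
    fields = path[4:].split("#")
    if path.startswith(("_??_", "\\??\\")) and len(fields) >= 3:
        return {"name": name, "kind": "device_path", "bus": fields[0],
                "device": fields[1], "instance": fields[2]}
    # Anything else is reported with its length so it can be reviewed by hand.
    return {"name": name, "kind": "unknown", "length": len(data)}

# Constructed sample values (assumed layouts, not taken from any real system).
SAMPLE_VALUES = {
    "\\DosDevices\\C:": struct.pack("<IQ", 0x1A2B3C4D, 1048576),
    "\\DosDevices\\D:": b"DMIO:ID:" + uuid.UUID(
        "11111111-2222-3333-4444-555555555555").bytes_le,
    "\\DosDevices\\E:": ("_??_USBSTOR#Disk&Ven_EXAMPLE&Prod_DRIVE&Rev_1.00"
                         "#CONSTRUCTED0001&0"
                         "#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}").encode("utf-16-le"),
}

def decode_all(values):
    """Decode every value, sorted by value name."""
    return [decode_mounted_device(n, d) for n, d in sorted(values.items())]

if __name__ == "__main__":
    for row in decode_all(SAMPLE_VALUES):
        print(row)
```

The USBSTOR entry is the kind of value that ties a drive letter to a specific removable device; the instance field is what an examiner would correlate with other USB artifacts.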