Windows Forensics - Registry
Duration: 3 days.
Audience: Forensic investigators with experience in forensic case work and basic working knowledge of
FTK, FTK IMager, Registry VIewer and PRTK.
Pre-requisites: Read and understand the English language
Attend the AccessData Forensic Bootcamp and Windows Forensics or have equivelant experience with FTK and PRTK.
Have previous investigative experience in forensic case work.
Be familiar with the Microsoft Windows environment
Topics Covered: Introduction
Registry Utilities
Registry 201
Preliminary Case Info
Security Accounts Manager Registry Files (SAM)
Practical
SYSTEM Registry Files
SECURITY Registry Files
SOFTWARE Registry Files
Application Behaviour Part I
Application Behaviour Part II
Trojan Hourse Defence Issues
PDF Course Outline