Course Curriculum

01 Introduction
- Welcome to Windows Registry
- Windows Registry
- The Structure of Windows Registry
- Check Your Knowledge

02 Extracting Hive Files
- Extract Hives through Command Line - Live System
- Extract Hives through Registry Editor - Live System
- Extract Hives through FTK Imager - Live System
- Extract Hives through FTK Imager - Disk Image

03 Registry Explorer
- Registry Explorer

04 RegRipper
- RegRipper
- Using the RegRipper GUI
- RegRipper Command Line Tool

05 Autoruns
- Autoruns
- Download and Live System Analysis
- Saved Hive / Offline Analysis

06 Investigating Windows System Registry Artifacts
- Investigating Windows Registry Hives: System Artifacts
- Basic System Information
- Basic System Information (Cont.)
- Check Your Knowledge

07 TimeZone
- TimeZone
- Check Your Knowledge

08 User Information
- User Information
- Security Identifier (SID)
- Login Information

09 Internet Network Information
- Internet Network Information
- Check Your Knowledge

10 AppCompatCache or ShimCache
- AppCompatCache or ShimCache

11 Other System Information
- Other System Information

12 Malware
- Malware

13 Exercises
- Exercises
- Solutions
- Required Files

14 Summary
- Summary

After completing this course, you will earn: 6 CPE Credits

Learning Outcomes
After completing this course, you will learn the following:
- The structure and importance of the Windows Registry
- How to extract system hives on a Windows machine
- How to install and use forensic software to analyze system hives
- The locations of various important forensic artifacts

Technical Requirements
For the hands-on labs in this course:
- Windows operating system (recommended Windows 10)
- Internet connection
- Installation of Registry Explorer/RECmd
- Installation of RegRipper
- Installation of Autoruns