Monday, October 25, 2010

Windows Registry Quick Find Chart, a 34 page PDF with common registry data locations guide [meant for forensic use, but cool reference for the everyday IT guy]

Computer Forensics and IR - What's New? - Updated Windows Registry and Mac resources & Jad's Software....updated

“…

Registry Quick Find Chart [GD:Click through for the link]- a very recently updated 34-page reference documenting Registry locations for the standard 5 Registry files.  The document has a few new columns in the document - one which lists what versions of Windows the reference pertains to (ie: XP, Vista or Win7) and a second column that states when the Registry reference is updated (immediately, when document opened, at logon...)    This document would also be great starting reference to initiate further research on Registry locations and extractable artifacts.  D/L it....know it....print it and keep it handy!

…”

AccessData - Supplemental Material

image

A snap from the PDF;

image

image

There’s a good bit of information here and something I know I’ll be able to use…

No comments: