Return to lecture notes index
February 17, 2011 (Lecture 11)
The Windows Registry
Today we discussed the Windows registry: It's organization, the persistent components on disk and the volatile components in memory, it's structure, and its forensic value

I strongly recommend the following resources:

A Few Forensic Applications

Below are a few example items I have commonly found useful within the Registry. There are certainly plenty more:

Warning to all Readers

These are unrefined notes. They are not published documents. They are not citable. They should not be relied upon for forensics practice. They do not define any legal process or strategy, standard of care, evidentiary standard, or process for conducting investigations or analysis. Instead, they are designed for, and serve, a single purpose, to help students to jog their memory of classroom discussions and assist them in thinking critically about the issues presented. The author is certainly not an attorney and is absolutely not giving any legal advice.