Windows Registry Forensics

The Windows Registry holds a large amount of evidence. This course shows how to find and extract it.
Incident Responder
Hard
Microsoft Windows is one of the most widely used operating systems, among both home and enterprise users, which makes the platform a major target for threat actors. Cybersecurity professionals therefore need to understand how to perform forensic investigations on Windows systems. This course covers the Windows Registry and the valuable artifacts and information it stores.
Table of contents
  • Introduction to Windows Registry Forensics
  • Acquiring Registry Hives
  • Regedit and Registry Explorer
  • System, Users and Network Information
  • Shellbags
  • Shimcache
  • Amcache
  • Recent Files
  • Dialogue Boxes MRU
Practice with SOC Alert
  • 50 - SOC117 - Suspicious .reg File
Evaluate Yourself with Quiz
  • Registry Forensics
ACHIEVEMENTS
  • "Registry Forensics" Badge
EXPECTED OUTCOMES
  • Acquiring Registry Hives
  • Extracting evidence from the Windows Registry
INTENDED AUDIENCE
  • Incident Responders
  • Incident Responder candidates
  • Forensics Experts
PREREQUISITES
  • Windows fundamentals