Ankit Gupta has shared the third part of the article ‘Digital Forensics Investigation through OS Forensics’.
The article tells us how to do raw analysis of a drive or a forensic image, how to investigate a Windows registry, how to analyze a file system, and how to extract passwords from different sources.
The Windows registry contains information about recently received files and significant information about user actions. The registry is a very useful tool for the administrator and forensic investigator.
Jason ran into a hierarchy of registry keys and subkeys that intrigued him, so he decided to write a blog post, “Registry Key RecentApps”. The top-level key, called RecentApps, contained links to several applications and files that were available on the system. In addition to the name of the application and the file, he found that the full path to the file and the last access to the file were available from the RecentApps key hierarchy.