Digging Up the Past: Windows Registry Forensics Revisited

FireEye consultants frequently utilize Windows registry data when
performing forensic analysis of computer networks as part of incident
response and compromise assessment missions. Registry data can help
uncover malicious activity and determine what data may have been
stolen from a network. The registry holds many different types of data
that can provide evidence of program execution, application
settings, malware persistence, and other valuable artifacts.

Performing forensic analysis of past attacks can be particularly
challenging. Advanced persistent ...