Digital Forensic Analysis

Windows registry is an excellent data source for digital forensic analysis because it is one of the quickest and most efficient uses of the forensic investigators time to decide whether a particular computer is of value to an investigation (especially in cases where multiple unknown computers are of interest). It can contain very rich data about an investigation without too much research and troubleshooting. The Windows registry two main task for the operating system; it stores all the setting for the applications and the operating system itself as well as is stores all the configuration of the hardware on the machine. A forensics investigator can characterize the valuable data from the Windows registry in five groups; system information, application information, network information, attached devices and history list (Alghafli, Jones, & Martin, 2014). The system information will relay all pertinent information about the computer speed, processor, user names, nick names, and shut down …show more content…
Network information will reveal all networks the computer was connected too including all intranets and wireless connections. The attached devices will reveal all USB, DVD/CD, media, etc. devices that have been connected to this computer also helping tie an unknown USB device to a particular computer. The history list will give an investigator all information about a user's latest activity including which files have been opened, modified, created, and websites visited. Windows registry stores data in binary code based on the application structure. Some applications can cause forensic analyst trouble as different applications can use different structures to store it and offenders can use this to help confuse investigators or to hide