Cyber Crime and Cyber Terrorism



Download 5,67 Mb.
Pdf ko'rish
bet92/283
Sana19.05.2022
Hajmi5,67 Mb.
#604880
1   ...   88   89   90   91   92   93   94   95   ...   283
Bog'liq
Cyber crime and cyber terrorism investigators handbook by Babak

85
 
Most recently used lists
(HKLM), HKEY_USERS (HKU), HKEY_CURRENT_USER (HKCU), HKEY_
CLASSES_ROOT (HKCR), and HKEY_CURRENT_CONFIG (HKCC). The func-
tion of each of these keys is shown in 
Table 7.3
(
Nelson, et al. 2010
).
Most investigators will use a tool which allows them to carve data from registry 
files and present it in a view adapted for investigation. Although the registry of most 
Windows systems is large and complex and a full discussion of it would be beyond 
the scope of this work, some key areas which could be of interest to forensic examin-
ers are shown in the following table which has been summarized from Access Data’s 
quick find registry chart (
AccessDataGroup, 2010
):
MOST RECENTLY USED LISTS
Most recently used (MRUs) are designed as a convenience for the user. When certain 
user input fields are revisited then users can either see the previous entered infor-
mation in a list, or it may be autocompleted while typing. These lists are mostly 
extracted from the NTUSER.DAT. Examples of MRU lists include: mapped network 
Table 7.2 
Registry Files
Registry File
Registry Files Purpose
Default
Holds the computers system settings
System
Holds additional system settings
Security
Holds the computers security settings
Software
Holds settings for installed software and related usernames and 
passwords
Sam
Holds user account information
Ntuser.dat
Holds user specific data, e.g., desktop and recently used files
NTUser.data
SAM
SYSTEM
Chat rooms visited
Installed application list
Pagefile
IE-Auto logon, passwords
typed URLs
Last access of applications
Systems IP address, default 
gateway
Start-up programs
a
System boot programs
Mounted devices
b
EFS certificate thumbprint
Wired/Wireless 
connections
Storage media information
Outlook and POP3 
passwords
Shared folders list
Removable media 
information#
Most recently used lists
(see following)
Last logon time for user
Computers name
FTP access
Registered owner
System’s configuration 
settings
a
 Particularly useful for detecting Trojans.
b
 Use to associate any discovered evidence on removal storage with the PC.



Download 5,67 Mb.

Do'stlaringiz bilan baham:
1   ...   88   89   90   91   92   93   94   95   ...   283




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish