There is a new paper out by Lih Wern Wong, which I would recommend, that dissects the Registry. While the viewpoint is primarily forensics-based, it is a worthwhile read for general security researchers who want to learn more about the subject.
The Windows registry contains a lot of information that is of potential evidential value or helpful in aiding forensic examiners with other aspects of forensic analysis. This paper discusses the basics of the Windows XP registry and its structure, data hiding techniques in the registry, and an analysis of potential Windows XP registry entries that are of forensic value.
Link here, with a hat tip to Jamie Morris.
Update: From Jamie Morris at ForensicFocus:
One of our list members, David, has very kindly created and supplied me with a PDF version of the paper. It can be downloaded here. Thanks David!
Alex Eckelberry