Monthly Subscription Starting at AED 99 + VAT

Windows Registry Forensics
  • Level Professional
  • المدة 9 ساعات hours
  • الطبع بواسطة Infosec
  • Offered by

عن

The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.

الوحدات

Introduction to the Windows Registry

    • 2 Videos
    • 3 Readings
Show info about module content

2 Videos

  • What is the Registry and why is it important
  • Structure of the Windows Registry

3 Readings

  • Windows Registry Tools
  • Windows Registry Downloads
  • Download VM with Free Trial at Infosec

Preparing to Examine the Windows Registry

    • 4 Videos
Show info about module content

4 Videos

  • Viewing the Registry with RegEdit
  • Software needed to examine the Registry
  • Locating the registry files within the Windows file system
  • Locating and interpreting the registry values

NTUser.Dat Hive File Analysis

    • 9 Videos
Show info about module content

9 Videos

  • Recent Docs
  • Typed URLs
  • UserAssist
  • Recent Apps
  • Run and Run Once
  • ComDig32 Subkey
  • Typed Paths Subkey
  • Microsoft Office applications and the MRU subkey
  • Windows search function and the WordWheel query

SAM Hive File

    • 5 Videos
Show info about module content

5 Videos

  • SAM hive file
  • Security Identifiers
  • User Accounts (RIDS)
  • Password Hashes
  • Other Types of User Accounts

Software Hive File

    • 3 Videos
Show info about module content

3 Videos

  • Software File Subkeys of Interest
  • Network List Subkey
  • Connected Devices

System Hive File

    • 3 Videos
Show info about module content

3 Videos

  • System File Subkeys of Interest
  • USB Device Forensics
  • AppCompat Cache and Background Activities Monitor

USRClass.dat Hive File

    • 2 Videos
Show info about module content

2 Videos

  • Shellbags
  • MuiCache and Managed By App Sub-Keys

AmCache Hive File

    • 2 Videos
    • 1 Assignment
Show info about module content

1 Assignment

  • Windows Registry Forensics Quiz

2 Videos

  • AmCache Hive File SubKeys of Interest
  • AmCache Parser.exe Demo

Auto Summary

The Windows Registry Forensics course, offered by Coursera, is designed for IT and Computer Science professionals. It teaches you how to examine the live registry, locate registry files on forensic images, and extract files. With a duration of 540 minutes, the course offers both Starter and Professional subscription options, making it ideal for those looking to deepen their forensic analysis skills.

Denise Duffy
Instructor

Denise Duffy