- Course
Specialized DFIR: Windows Registry Forensics
The Windows registry is a valuable source of information during a forensic investigation. This course will teach you how to investigate the registry to obtain evidence of malicious execution and persistence.
Advanced
- Course
Specialized DFIR: Windows Registry Forensics
The Windows registry is a valuable source of information during a forensic investigation. This course will teach you how to investigate the registry to obtain evidence of malicious execution and persistence.
Advanced
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Security
What you'll learn
The Windows registry is a key source of information during any forensic investigation, but registry artifacts are often misunderstood. In this course, Specialized DFIR: Windows Registry Forensics, you’ll learn how to properly analyze the Windows registry to discover signs of malicious activity. First, you’ll explore where registry hives are located and how to obtain them. Next, you’ll discover how backdoors remain persistent in the registry. Finally, you’ll learn how to determine if a program was executed from registry artifacts. When you’re finished with the course, you’ll have the skills and knowledge of Windows registry analysis needed to perform forensic analysis.
Specialized DFIR: Windows Registry Forensics
Advanced
Table of contents
Tyler Hudak has more than 15 years of experience performing malware analysis, computer forensics, and incident response for multiple organizations. He loves sharing the knowledge he has gained on these topics in his presentations and classes!