Overview
Dive into a comprehensive walkthrough of TryHackMe's Windows Forensics room, focusing on Windows Registry artifacts in digital investigations. Explore Windows Registry Hive locations, software tools for investigation, and the significance of various Windows Registry artifacts. Learn to analyze UserAssist, MRUs, ShellBags, external devices, and more. Follow along with the step-by-step guide covering introduction to Windows forensics, Windows Registry and its role in forensics, exploring the Registry, system information and accounts, file and folder usage evidence, execution traces, and USB device forensics. Conclude with a hands-on challenge to apply your newly acquired knowledge. Gain valuable insights into digital forensic techniques and enhance your skills in Windows-based investigations.
Syllabus
TryHackMe WindowsForensics
Open TryHackMe Windows Forensics room
Introduction to Windows Forensics
Windows Registry and Forensics
Exploring Windows Registry
System Information and System Accounts
Usage or knowledge of files/folders
Evidence of Execution
External Devices/USB device forensics
Hands-on Challenge
Conclusion
Taught by
DFIRScience