Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Investigating Malware Using Registry Forensics

via YouTube

Overview

Explore registry forensics techniques for investigating malware in this 44-minute conference talk from Louisville Infosec 2017. Delve into the Windows Registry's structure, terminology, and primary hives. Learn how registry analysis can aid in malware detection through examination of MuiCache, AppCompatCache, Amcache.hve, UserAssist, and Recent Apps. Discover persistence mechanisms and advanced techniques like Unicode RLO character manipulation and large registry value analysis. Investigate Shellbags and user activity for a comprehensive understanding of malware behavior and system interactions.

Syllabus

Intro
Outline
Why the Registry?
The Windows Registry
Progression of the Registry
Registry Terminology
Primary Hives Comprising the Registry
What can Registry Analysis Help Answer?
Detection: MuiCache
Detection: AppCompatCache
AppCompatCache Volatility Plugin
Detection: Amcache.hve
Amcache.hve Data
Detection: UserAssist
Detection: Recent Apps
Persistence
More Fun: Unicode RLO Character
More Fun: Large Registry Values
Investigation: Shellbags
Investigation: Activity
Conclusion

Reviews

Start your review of Investigating Malware Using Registry Forensics

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.