• DocumentCode
    3371840
  • Title

    Windows Registry and Hiding Suspects' Secret in Registry

  • Author

    Kim, Youngsoo ; Hong, Dowon

  • Author_Institution
    Electron. & Telecommun. Res. Inst. (ETRI), Daejeon
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    393
  • Lastpage
    398
  • Abstract
    The Windows registry, a central repository for configuration data, should be investigated to obtain forensic evidence, since it contains a lot of information of potential evidential value. Using forensic tools, forensic examiners can investigate Windows registry values and obtain information that can serve as forensic evidence. However, since the Windows registry contains a huge number of values and these values can be modified by users, a suspect can hide a secret, such as a password, in registry values. In this paper, we discuss the basics of the Windows XP registry and extract some registry entries related to forensic analysis. Finally, we show that some countermeasures are needed, listing items to consider for hiding secrets in the registry from the suspect's viewpoint.
  • Keywords
    computer crime; operating systems (computers); Windows XP registry; configuration data repository; forensic analysis; forensic evidences; forensic examiners; forensic tools; password; registry values; Application software; Convergence; Data mining; Data security; Databases; Forensics; Hardware; History; Information security; Uniform resource locators;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type

    conf

  • DOI
    10.1109/ISA.2008.8
  • Filename
    4511599