A consistency study of the Windows registry

Abstract

This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several consistency checking models are presented to verify events derived from registry artifacts. Examples of these models are used to demonstrate how evidence of alteration may be detected. © 2010 International Federation for Information Processing.

Cite

Zhu, Y., James, J., & Gladyshev, P. (2010). A consistency study of the Windows registry. In IFIP Advances in Information and Communication Technology (Vol. 337 AICT, pp. 77–90). https://doi.org/10.1007/978-3-642-15506-2_6
