Profiles
What’s in a name? That which we call a profile By any other name would still let us log in. I […]
What’s in a name? That which we call a profile By any other name would still let us log in. I […]
Named Key cells are the data structures within the Registry that hold the Keys and provide the parent/child data necessary to build […]
The contents of Registry files are saved in Hive Bins. The previously mentioned header to the Registry file is a 4k block with […]
Every Registry file starts with a 4,096 byte header block. The first 512 bytes of that header tell us about the Registry file […]
After reviewing several other sources, notably from Morgan and Norris, I’ve decided that Joachim Metz’s Windows NT Registry File (REGF) format specification is the […]
The first step to forensic analysis of the Registry is knowing where to find the files. The short answer is go look […]
Searching for information about the innards of the Registry returns a whole lot of pages talking about the hives, keys, and values. […]
There are a plethora of keys in the Registry dedicated to telling you where you’ve been. Known as MRU (Most Recently Used) […]
I’m not sure how I missed it when it came out in 2009, but Peter Norris has put together an absolutely fantastic […]