Academy & Industry Research Collaboration Center
Windows Registry forensics is an important branch of computer and network forensics. Windows Registry is often considered as the heart of Windows Operating Systems because it contains all of the configuration setting of specific users, groups, hardware, software, and networks. Therefore, Windows Registry can be viewed as a gold mine of forensic evidences which could be used in courts. This paper introduces the basics of Windows Registry, describes its structure and its keys and subkeys that have forensic values. This paper also discusses how the Windows Registry forensic keys can be applied in intrusion detection.