%0 Conference Proceedings
%T A Consistency Study of the Windows Registry
%+ University College Dublin
%A Zhu, Yuandong
%A James, Joshua
%A Gladyshev, Pavel
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 6th IFIP WG 11.9 International Conference on Digital Forensics (DF)
%C Hong Kong, China
%Y Kam-Pui Chow; Sujeet Shenoi
%I Springer
%3 Advances in Digital Forensics VI
%V AICT-337
%P 77-90
%8 2010-01-04
%D 2010
%R 10.1007/978-3-642-15506-2_6
%K registry analysis
%K counter-counter-forensics
%K Windows forensics
%Z Computer Science [cs]/Digital Libraries [cs.DL]Conference papers
%X This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several consistency checking models are presented to verify events derived from registry artifacts. Examples of these models are used to demonstrate how evidence of alteration may be detected.
%G English
%2 https://inria.hal.science/hal-01060611/document
%2 https://inria.hal.science/hal-01060611/file/ZhuJG10.pdf
%L hal-01060611
%U https://inria.hal.science/hal-01060611
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-AICT-337
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9