
A Consistency Study of the Windows Registry

Abstract: This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several consistency checking models are presented to verify events derived from registry artifacts. Examples of these models are used to demonstrate how evidence of alteration may be detected.
Document type: Conference papers

Cited literature: 8 references

Contributor: Hal Ifip
Submitted on: Monday, November 27, 2017 - 5:15:29 PM
Last modification on: Thursday, March 5, 2020 - 4:46:43 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Yuandong Zhu, Joshua James, Pavel Gladyshev. A Consistency Study of the Windows Registry. 6th IFIP WG 11.9 International Conference on Digital Forensics (DF), Jan 2010, Hong Kong, China. pp.77-90, ⟨10.1007/978-3-642-15506-2_6⟩. ⟨hal-01060611⟩


