Registry Hives

..................................................................................................................................................

The following registry keys are extracted and reported on by OnScene LHF. Many of them are a source of valuable evidence during computer forensic investigations.

OnScene LHF will allow you to add your own registry keys. This can be useful for software licensing audits.

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions

Description:

IP addresses of connected computers

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

Description:

List of Mapped Drives

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\ControlSetXXX\Control\ComputerName\ComputerName

Description:

Computer name

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\Select

Description:

Lists current control set

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\Select\Current

Description:

System configuration settings

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\ControlSetXXX\Services\DMIO\BootInfo\PrimaryDiskGroup

Description:

Lists the most recent dynamic disk mounted

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\ControlSetXXX\Services\Eventlog

Description:

Path to the location of event logs

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\Microsoft\Windows NT\CurrentVersion

Description:

Date operating system was installed

..................................................................................................................................................

Registry Location:

SYSTEM

Key Location:

\Microsoft\Windows NT\CurrentVersion\Winlogon

Description:

Last logged on user

..................................................................................................................................................

Registry Location:

SOFTWARE

Key Location:

\Microsoft\Windows NT\CurrentVersion

Description:

Installation date of operating system

..................................................................................................................................................

Triage LHF module reports on this key

Copyright 2007 www.forensicsmatter.com All Rights Reserved.