Home About Us Sign Up Downloads FAQ Contact Us
 
Registry Hives

..................................................................................................................................................

The following registry keys are extracted and reported on by OnScene LHF. Many of these registry keys are a source of  valuable evidence during computer forensic investigations.

OnScene LHF will allow you to add your own registry keys. This can be useful for software licensing audits.

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\ProtectedStorageSystemProvider\SID\InternetExplorer\Internet Explorer StringIndex

Description:

IE search terms (w/Date time stamp)

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\ProtectedStorageSystemProvider\SID\InternetExplorer\Internet Explorer StringIndex

Description:

Data entered into forms with IE

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\ProtectedStorageSystemProvider\SID\InternetExplorer\Internet Explorer URL String Data

Description:

IE passwords and login ID's (w/Date time stamp)

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Url History Days to keep

Description:

Number of days the system stores URLS visited with IE

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\InternetExplorer\Intelliforms

Description:

Web page autocomplete passwords

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\ProtectedStorageSystemProvider

Description:

Web page autocomplete used

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Microsoft\InternetExplorer

Description:

Download default directory

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Mirabilis\ICQ\

Description:

Lists IM contacts

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Mirabilis\ICQ\Owners Last Owner

Description:

Last logged in user

..................................................................................................................................................

Registry Location:

NTUSER.DAT

Key Location:

\Software\Mirabilis\ICQ\owners\UIN Name

Description:

User nickname

..................................................................................................................................................

Triage LHF module reports on this key

194 Registry Hives: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20    [ view all ]

Computer Forensics Experts

Creating an Image with OSI

Previewing PST Files

On Scene Computer Forensics

Copy with MD5 report

Windows Recycle Bin

Computer Forensics For Apple Mac

Viewing the Internet Cache

Registry Hives

Using OnScene Investigator

Using Registry LHF

Down Data Sheet

Uses for OnScene Investigator

Project Roadmap



Find a Reseller

Become a Reseller


Training Certification


 
 
 
Home I Site Map I About Us I Help I Terms & Conditions
Copyright 2007 www.forensicsmatter.com All Rights Reserved.