Registry Hives

..................................................................................................................................................

The following registry keys are extracted and reported on by OnScene LHF. Many of these registry keys are a source of valuable evidence during computer forensic investigations.

OnScene LHF will allow you to add your own registry keys. This can be useful for software licensing audits.

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Description:

Most recently used (MRU) files opened or saved through the common Open/Save dialog

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Description:

Most recently used (MRU) list of recently opened documents

..................................................................................................................................................

Registry Location:

HKLM

Key Location:

\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Description:

Uninstall entries for installed Windows programs

..................................................................................................................................................

Registry Location:

HKLM

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

Description:

Designates which drives will parse autorun.inf files located in the root of the drive

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun

Description:

..................................................................................................................................................

Registry Location:

HKLM

Key Location:

\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun

Description:

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun

Description:

..................................................................................................................................................

Registry Location:

HKLM

Key Location:

\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate

Description:

If set to 1, updating of last access times is disabled.

..................................................................................................................................................

Registry Location:

HKLM

Key Location:

\System\CurrentControlSet\Control\Session Manager\KnownDLLs

Description:

Contains a list of DLLs to be loaded at system start

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec

Description:

By default, Windows 2K+ systems do not parse the autoexec.bat file. Set this Registry entry to "1" to enable parsing of the file.

..................................................................................................................................................

Triage LHF module reports on this key

Copyright 2007 www.forensicsmatter.com All Rights Reserved.