Category: Windows

Cybersecurity, Dfir, Forensics, Windows

Windows registry in forensic analysis

Windows registry contains information that are helpful during a forensic analysis Windows registry is an excellent source for evidential data, and knowing the type of information that could possible exist in the registry and location is critical during the forensic analysis process. Let’s analyze the main keys… Recent opened Programs/Files/URLs HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU MRU is the abbreviation for […]