Windows registry in forensic analysis

The Windows registry contains information that is helpful during a forensic analysis. The Windows registry is an excellent source of evidential data, and knowing the type of information that could possibly exist in the registry, and where it is located, is critical during the forensic analysis process. Let’s analyze the main keys… Recently opened Programs/Files/URLs: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU. MRU is the abbreviation for…

Understanding Process Hollowing

A technique used by malware authors to evade defenses and to hinder detection and analysis of malicious process execution. Process hollowing is a technique used by malware in which a legitimate process is loaded on the system solely to act as a container for hostile code. How does it work? At launch, the legitimate process is created in a suspended…