Universiti Teknologi Malaysia Institutional Repository

Guideline for forensic analysis on windows XP and vista registry

Aghanvesi, Somayeh (2008) Guideline for forensic analysis on windows XP and vista registry. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information System.


Official URL: http://dms.library.utm.my:8080/vital/access/manage...

Abstract

In an age of digitalization, with people dependent on digital systems, the need for a plan to protect their assets is obvious. Digital hacking is always a hot subject in the information security field, and many organizations need special training to be protected against hackers. Like every other crime under investigation, hacking and digital crimes are examined, and the related evidence is collected by digital investigators who are forensic specialists. Forensics is the science of collecting evidence against hackers in the digital world. This project focuses on collecting evidence from a limited scope of the Microsoft Windows Vista and XP versions: their Registry, an area that holds valuable information but, because of its complexity, is not considered by specialists as much as other areas. The registry is where Windows stores all its configuration, and it potentially holds evidence that needs to be found for the sake of forensic examination. The number of keys is large, and having each investigator search the keys is tedious work. The keys need to be searched, analyzed, evaluated for forensic value, considered in the evidence management process, and sorted in a referable manner for investigators. That is why we decided to prepare a guideline for investigators interested in the evidentiary keys and their values. As the second part of this guideline, we have prepared the investigation steps for the registry area with the EnCase tool, which was chosen from among the many currently available tools surveyed so far.

Item Type: Thesis (Masters)
Additional Information: Thesis (Sarjana Sains Komputer (Keselamatan Maklumat)) - Universiti Teknologi Malaysia, 2008; Supervisor: AP Dato’ Prof. Dr. Norbik Bashah bin Idris
Uncontrolled Keywords: forensic analysis, digitalization, forensic specialist
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science and Information System
ID Code: 9517
Deposited By: Narimah Nawil
Deposited On: 31 Dec 2009 08:08
Last Modified: 19 Jul 2018 01:51
