Five on Forensics Page 1 - Craig Ball
Five on Forensics
© 2002-2008 Craig Ball All Rights Reserved

metafile format or a page description language) or they must be ported to a printer
compatible with the one for which the documents were formatted.

Windows Registry

The Windows Registry is the central database of Windows that stores the system
configuration information, essentially everything the operating system needs to “remember”
to set itself up and manage hardware and software.

The registry can provide information of forensic value, including the identity of the computer’s
registered user, usage history data, program installation information, hardware information,
file associations, serial numbers and some password data. The registry is also where you
can access a list of recent websites visited and documents created, often even if the user has
taken steps to delete those footprints. One benefit of the Registry in forensics is that it tracks
the attachment of USB storage media like thumb drives and external hard drives, making it
easier to track and prove data theft.

In a Windows 95/98/ME environment, the registry is a collective name for two files,
USER.DAT and SYSTEM.DAT. In the Windows Vista/XP/NT/2000 environment, the registry
is not structured in the same way, but the entire registry can be exported, explored or edited
using a program called REGEDIT that runs from the command line (i.e., DOS prompt) and is
found on all versions of Windows. You may wish to invoke the REGEDIT application on your
system just to get a sense of the structure and Gordian complexity of the registry, but be
warned: since the registry is central to almost every function of the operating system, it
should be explored with utmost care since its corruption can cause serious, i.e., fatal, system
errors.
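
As an added illustration (not part of the original paper), the Python code below reads a REGEDIT text export and lists the USB storage devices recorded under the Enum\USBSTOR key, where Windows keeps the attachment history described above. The sample export, its device names and serial numbers are constructed, and the function name usb_storage_devices is hypothetical.

```python
import re

# Constructed sample shaped like a REGEDIT text export; the device names and
# serial numbers are invented. Real exports are usually UTF-16 encoded files.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_ThumbDrive&Rev_1.00\0123456789ABCDEF&0]
"FriendlyName"="ExampleCo ThumbDrive USB Device"
"Service"="disk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Sample&Prod_External_HDD&Rev_2.10\7&1a2b3c4d&0]
"FriendlyName"="Sample External HDD USB Device"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_0000&PID_0000\1]
"Service"="usbhub"
'''

# Matches only device-instance keys: ...\Enum\USBSTOR\<device id>\<instance id>
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})'
    r'\\Enum\\USBSTOR\\([^\\\]]+)\\([^\\\]]+)\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def usb_storage_devices(export_text):
    """Return one dict per USB storage device instance in a .reg export."""
    devices, current = [], None
    for line in (raw.strip() for raw in export_text.splitlines()):
        if line.startswith('['):
            current = None  # values under any other key are ignored
            m = KEY_RE.match(line)
            if m:
                device_id, instance = m.groups()
                ids = dict(p.split('_', 1) for p in device_id.split('&') if '_' in p)
                # Heuristic: '&' as the second character means Windows made up
                # the instance id because the device reported no serial number.
                has_serial = len(instance) > 1 and instance[1] != '&'
                current = {
                    'vendor': ids.get('Ven'), 'product': ids.get('Prod'),
                    'revision': ids.get('Rev'), 'friendly_name': None,
                    'serial': instance.rsplit('&', 1)[0] if has_serial else None,
                }
                devices.append(current)
        elif current is not None:
            v = VALUE_RE.match(line)
            if v and v.group(1) == 'FriendlyName':
                current['friendly_name'] = v.group(2)
    return devices

if __name__ == '__main__':
    print(usb_storage_devices(SAMPLE_EXPORT))
```

A device's serial number is what lets an examiner tie the same thumb drive to more than one computer; a missing serial means the instance id is only meaningful on the machine that generated it.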

Cookies

Cookies are the most maligned and misunderstood feature of web browsing. So much
criticism has been heaped on cookies, I expect many users lump them together with
computer viruses, spam and hacking as a Four Horseman of the Digital Apocalypse.
Cookies are not malevolent; in fact, they enable a fair amount of convenience and function
during web browsing. They can also be abused.

A cookie is a small (