The Windows Registry has been around forever and is sometimes looked at as a HIVE of random chaos. However, even after all these years there is a lot of great information that can be pulled from the registry. This presentation is going to show investigators some key artifacts when working with the Registry (and other system files). Specifically, we will show file change activity allowing you to determine when files were edited or moved.

Join to learn:

• Why should we still care about the Registry?
• Why you should have remote collection abilities within your corporate network.
• Can you collect from your company assets not connected to the company VPN?
• Show the workflow of working with remote collection and the registry to monitor file change on an asset of interest.

Speaker:

Justin Tolman, Forensic Subject Matter Expert, Exterro