Incident Response with EZTools - Registry Forensics

RECmd is bundled with EZTools. It is a Registry searching tool that supports multiple hives, plugins and more.

The Windows Registry can provide a wide array of information about executables, the system, users, applications, etc. on a Windows machine.

A Registry hive is a logical group of keys, subkeys, and values in the registry, backed by a set of supporting files that are loaded into memory when the operating system starts or a user logs in.

During an incident, the Windows Registry can yield a lot of evidence and breadcrumbs for the investigation. Being able to acquire this evidence, with the right skills and tools, helps the responder resolve the incident quickly.