Incident Response with EZTools - Registry Forensics

Registry Explorer is bundled with EZTools. It is a Registry viewer with searching, multi-hive support, plugins and more.

The Windows Registry can provide us with a wide array of information about executables, systems, users, applications, etc. on Windows systems.

A Registry Hive is a logical group of keys, subkeys, and values in the registry that has a set of supporting files, which are loaded into memory when the operating system starts or a user logs in.

During an incident, the Windows Registry can give us a lot of evidence and breadcrumbs for the investigation; being able to acquire this evidence with the right skills and tools helps the responder resolve the incident quickly.


Exploring Registry Explorer

Introduction to Windows Forensics

Registry Explorer - Part 1

Registry Explorer - Part 2