Registry Forensic Analysis
Tags
| country: | Turkey |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Hardware - T1592.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | ec181b1a-a761-4aff-90c4-4ef5ea56b62b |
| Fingerprint | 5c1e1a57f53760c5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 5, 2023, 12:48 a.m. |
| Added to db | March 5, 2023, 2:52 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Registry Forensic Analysis |
| Title | Registry Forensic Analysis |
| Detected Hints/Tags/Attributes | 35/2/15 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 7 | www.forensicfocus.com |
|
| Details | File | 79 | regedit.exe |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 28 | usrclass.dat |
|
| Details | File | 1 | c:\windows\system32\config in the filename sam.log |
|
| Details | File | 3 | appcompatcacheparser.exe |
|
| Details | Url | 2 | https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers |
|
| Details | Url | 1 | https://www.forensicfocus.com/articles/windows-registry-analysis-101 |
|
| Details | Windows Registry Key | 4 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes |
|
| Details | Windows Registry Key | 1 | HKEY_USERS\DEFAULT |
|
| Details | Windows Registry Key | 4 | HKEY_LOCAL_MACHINE\SAM |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\Security |
|
| Details | Windows Registry Key | 13 | HKEY_LOCAL_MACHINE\Software |
|
| Details | Windows Registry Key | 4 | HKEY_LOCAL_MACHINE\System |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\CLASSES |