Title: RegForensicTool: Evidence Collection and Analysis of Windows Registry

Issue Number: Vol. 5, No. 2
Year of Publication: Jun - 2016
Page Numbers: 94-105
Authors: Dinesh N. Patil, Bandu B. Meshram
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002064


The Registry works as a configuration database, maintaining the information needed to run the computer system. In addition, the Registry is a source of evidence against cyber crime, as the details of the activity on the system are maintained in it. Investigating the Registry can therefore help to collect information relevant to the case. After considering existing research and tools, the paper suggests a new evidence collection and analysis methodology, RegForensicTool, to aid in the process of digital forensic investigation of the Registry.