<removed>
I see you're from Burlington, VT… by any chance a Champlain College – Computer and Digital Forensics student? Your motivation is inspiring. Your reference guide looks great and I look forward to using it in my examinations!
Thank you Harlan and thank you Craig D
With the compilation of both explations, I understand it now. This definitely gives me somewhere to go!
Lynita, I am in deed a Champlain student. I'm glad you like the reference guide so far, but please keep in mind this is a working progress and a pretty rough copy at that. I'm glad it can be of use to you though. Stick around for the final product D
Thank you for all of your comments, suggestions, and insight thus far. This is excellent!
Derrick
Round 2-
I have taken everyone's comments and suggestions into account and made quite a few revisions compared to the first one you all saw.
Sections added-
Registry Hive Locations
Time Zone Information
Time Stamp Structure
UserAssist timestamp information
http//
Any comments or suggestions will be extremely helpful. My primary goal is to make this actually useful to examiners in the field. Let me know if there is something you think I should add or delete D
Thanks in advance,
Derrick
Nothing? There's nothing else you'd like to see in a quick reference? There's nothing that you wouldn't normally reference that isn't in document?
Would any of you personally use it when it's complete?
Derrick
Greetings,
I actually was about to personally use it this morning but couldn't print it or save it and thus couldn't try using it as a reference document. I'm sure, after using it, some other suggestions will arise.
-David
Nothing? There's nothing else you'd like to see in a quick reference? There's nothing that you wouldn't normally reference that isn't in document?
Would any of you personally use it when it's complete?
Derrick
I PM'd you…
Thanks, this will come in handy for a newbie like me learning forensics. Good reference guide. D
Perhaps I missed it, but is there a registry that shows last user logged in and last reboot?
Thank you for sharing this guide.
Greetings,
I actually was about to personally use it this morning but couldn't print it or save it and thus couldn't try using it as a reference document. I'm sure, after using it, some other suggestions will arise.
-David
I apologize for that and have replaced it with a downloadable and printable version. Please note though, this isn't finished. It is still being worked on and as I made changes I will update the online document.
Right now I'm just asking if people will look it over and let me know if this is useful, isn't useful, needs improvements and where, if something isn't completely correct or not explained in enough detail, keys to add, interesting notes to mention, etc.
I ultimately want this to be something that I can use and others can use as a registry quick reference when we aren't 100% sure about something and need to verify it.
Please don't think this is complete because it is far from it. I'm simply asking for your feedback.
I PM'd you…
I PM'd you back.
Thank you.
Derrick
Okay everyone, the revised versions is up.. Again, I can't stress enough that this isn't a comprehensive registry reference. It is just a quick reference guide that demonstrates a few keys that could be relevant in an examination.
I still would love to hear any comments, concerns, or suggestions you may have. You can post them here, pm me, or email me. I hope that some of you can find this quick reference useful. If not, I apologize.
http//www.forensicfocus.com/downloads/windows-registry-quick-reference.pdf
Thanks again,
Derrick