TryHackMe recently released a room dedicated to Windows Forensics! We do a walkthrough of the TryHackMe WindowsForensics1 room and learn all about the Windows Registry in digital investigations. This room covers Windows Registry Hive locations, software tools used for investigation, Windows Registry artifacts, and their meanings.
Learn to analyze UserAssist, MRUs, ShellBags, external devices, and so much more.
Thank you to our Members and Patrons, but especially to our Investigators TheRantingGeek and Roman! Thank you so much!
Sign up for the room free here to follow along: https://tryhackme.com/room/windowsforensics1
00:00 TryHackMe WindowsForensics
00:19 Open TryHackMe Windows Forensics room
00:35 Introduction to Windows Forensics
02:34 Windows Registry and Forensics
06:31 Exploring Windows Registry
08:30 System Information and System Accounts
14:17 Usage or knowledge of files/folders
17:48 Evidence of Execution
20:56 External Devices/USB device forensics
24:42 Hands-on Challenge
32:08 Conclusion
I had a lot of fun with this room. I hope you did too! Let me know if you would like to see more digital forensic walkthroughs, and don't forget to subscribe!
🚀 Full Digital Forensic Courses → https://learn.dfir.science
Links:
* TryHackMe Windows Forensics Room: https://tryhackme.com/room/windowsforensics1
Related book:
* Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry (https://amzn.to/3fEyW6y)
#TryHackMe #Windows #Forensics #Registry #Walkthrough
010001000100011001010011011000110110100101100101011011100110001101100101
Get more Digital Forensic Science
👍 Subscribe → https://bit.ly/2Ij9Ojc
❤️ YT Member → https://bit.ly/DFIRSciMember
❤️ Patreon → https://www.patreon.com/dfirscience
🕸️ Blog → https://DFIR.Science
🤖 Code → https://github.com/DFIRScience
🐦 Follow → https://www.twitter.com/DFIRScience
📰 DFIR Newsletter → https://bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.