User Profiles and the Windows Registry Lab

Infosec Learning
Virtual Lab

Time: 1 hour 30 minutes
Difficulty: Beginner
Overview

This lab is part of a series of lab exercises designed through a grant initiative by the Center for Systems Security and Information Assurance (CSSIA) and the Network Development Group (NDG), funded by the National Science Foundation’s (NSF) Advanced Technological Education (ATE) program, Department of Undergraduate Education (DUE) Award Nos. 0702872 and 1002746.

By the end of this lab, the student will capture the registry hives of the Windows operating system using a free, commercial tool called FTK Imager. Students will then analyze the registry hives using two open-source tools: RegRipper and RegViewer.

This lab includes the following tasks:

Task 1 - Capturing a live Windows XP registry
Task 2 - Analyzing the registry hives using RegViewer
Task 3 - Analyzing the registry hives using RegRipper