Windows Registry Lab

Infosec Learning
Virtual Lab

Time: 1 hour 30 minutes
Difficulty: Beginner

Overview

The Windows registry is an extensive database of user and application settings on a Windows system. It can be a treasure trove of information that helps an analyst or forensic examiner determine many things about the user's operating system. Someone performing malware analysis on a compromised machine is also interested in registry settings, because attackers can use certain registry keys to make programs run at startup. In this lab, students will use tools like regedit and FTK Imager to perform a forensic examination of the Windows registry.