Windows Registry Analysis
In this hands-on lab, you will be introduced to the Windows Registry as a critical data source when performing digital forensic analysis of a Windows system. You will practice extracting Registry files from a system image, examining specific data in Registry keys, and cleaning dirty hives.

Course Content
Upon completing this lab, you should be able to:
- Describe and define the Windows Registry and its purpose as a repository of configuration data for the OS.
- Describe and navigate the structure of Registry hives.
- Extract Registry files from a system image.
- Identify, locate and interpret data in Registry keys.
- Clean dirty hives.
- Use Registry Explorer to perform basic keyword searches of a loaded Registry file.