Time
4 hours 15 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:02
Hi, welcome back. In this lab, we're going to learn how to extract data and information from the system registry by using the AccessData Forensic Toolkit, which can scan a hard drive, a file or an image looking for various information.
00:21
For this lab, you will need a Windows operating system environment and a browser. You will also need the latest version of AccessData FTK Imager and the AccessData Registry Viewer installed on your computer.
00:38
First,
00:39
log in to your Windows machine and open a web browser. I have here Google Chrome running on a Windows 10 environment.
00:48
Search for AccessData FTK Imager and AccessData Registry Viewer.
00:55
Or you can go directly to the link in the guide. On the website, you will be able to download and install the tools required.
01:04
Remember, we need to install Registry Viewer and FTK Imager.
01:19
You will need to provide some information, like name and email, in order to download the tool.
01:45
The installation is pretty straightforward. You need to follow the wizard, agree with the terms and click on Next.
01:55
That is why I'm skipping this step, as I already have the tools installed.
02:00
Open AccessData FTK Imager.
02:04
This is the most widely used standalone disk imaging program to extract the Windows registry from a computer.
02:13
Click on the Add Evidence Item button
02:15
and select Logical Drive to extract data from a partition. We can extract data from the hard drive by clicking Physical Drive. We can also extract data from an image file or a folder.
02:31
Select the source drive. In my case, I'm selecting the C drive of my computer to extract the local registry.
02:40
Expand the evidence tree.
02:43
Wait for the scan to finish and go to Windows, System32, config.
03:31
In here, we can see the registry hive supporting files.
03:37
As we analyzed in the previous videos, the Windows registry contains a root key titled HKEY_LOCAL_MACHINE,
03:46
which contains settings that relate to the local computer.
03:50
There are four main subkeys under this key: SAM, SECURITY, SOFTWARE and SYSTEM,
03:59
which we can see in here.
04:00
We can also see the new registry hives, such as the Early Launch Anti-Malware, or ELAM, and the Browser-Based Interface, or BBI.
04:12
You may want to watch the previous videos in this module to see the definition of each hive.
04:19
To export a file, right-click on it and select Export Files.
04:26
We're going to export the SAM file, as we know that it contains information about Windows accounts.
04:46
To open the file I exported, open AccessData Registry Viewer.
05:02
Drag and drop the SAM file into the application.
05:08
We will see the registry keys related to this hive, with information about the Windows users and groups in a hashed format.
05:18
Feel free to explore the rest of the registry hives and learn what we can find in them. Don't forget to check the references for more information.
05:30
In the next module, we'll talk about some important information to look for when analyzing the evidence.

Up Next

Windows Forensics and Tools

The Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems.

Instructed By

Adalberto Jose Garcia
Information Security Analyst at Bigazi
Instructor