Investigating Malware Using Registry Forensics
Offered By: YouTube
Course Description
Overview
Explore registry forensics techniques for investigating malware in this 44-minute conference talk from Louisville Infosec 2017. Delve into the Windows Registry's structure, terminology, and primary hives. Learn how registry analysis can aid in malware detection through examination of MuiCache, AppCompatCache, Amcache.hve, UserAssist, and Recent Apps. Discover persistence mechanisms and advanced techniques like Unicode RLO character manipulation and large registry value analysis. Investigate Shellbags and user activity for a comprehensive understanding of malware behavior and system interactions.
Syllabus
Intro
Outline
Why the Registry?
The Windows Registry
Progression of the Registry
Registry Terminology
Primary Hives Comprising the Registry
What can Registry Analysis Help Answer?
Detection: MuiCache
Detection: AppCompatCache
AppCompatCache Volatility Plugin
Detection: Amcache.hve
Amcache.hve Data
Detection: UserAssist
Detection: Recent Apps
Persistence
More Fun: Unicode RLO Character
More Fun: Large Registry Values
Investigation: Shellbags
Investigation: Activity
Conclusion