Investigating Malware Using Registry Forensics
Offered By: YouTube
Course Description
Overview
Explore registry forensics techniques for investigating malware in this 44-minute conference talk from Louisville Infosec 2017. Delve into the Windows Registry's structure, terminology, and primary hives. Learn how registry analysis can aid in malware detection through examination of MuiCache, AppCompatCache, Amcache.hve, UserAssist, and Recent Apps. Discover persistence mechanisms and advanced techniques like Unicode RLO character manipulation and large registry value analysis. Investigate Shellbags and user activity for a comprehensive understanding of malware behavior and system interactions.
Syllabus
Intro
Outline
Why the Registry?
The Windows Registry
Progression of the Registry
Registry Terminology
Primary Hives Comprising the Registry
What can Registry Analysis Help Answer?
Detection: MuiCache
Detection: AppCompatCache
AppCompatCache Volatility Plugin
Detection: Amcache.hve
Amcache.hve Data
Detection: UserAssist
Detection: Recent Apps
Persistence
More Fun: Unicode RLO Character
More Fun: Large Registry Values
Investigation: Shellbags
Investigation: Activity
Conclusion