Analysis of User Activity Based on Registry in RAM


Abstract:

Information about user activity is an important source of evidence and leads in computer crime investigation, because it reveals the details of an offender's operations. Specific registry keys correspond to specific user activities. The data structures of the registry held in RAM differ from those of the registry on disk, most notably in how a cell index is translated to the address of the cell it refers to. Based on an analysis of the in-memory registry data structures, this paper describes the cell index translation technique in detail, summarises the keys most closely related to user activity, and illustrates the analysis of user activity from the registry in RAM with a real case. The method proved accurate and efficient in actual digital investigation work.
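The abstract's point is that a cell index cannot be used as a file offset once the hive lives in memory: on disk a stable cell index is just an offset from the first hbin, while in RAM the Configuration Manager splits the hive into 4 KiB blocks that may sit anywhere in kernel address space and records their locations in a two-level map. The following is an added worked example (not code from the paper) that decomposes an HCELL_INDEX and walks such a map over a constructed memory image. It assumes the field layout described in Windows Internals (bit 31 storage type, 10-bit directory index, 9-bit table index, 12-bit block offset), 32-bit kernel pointers and a 16-byte XP-era _HMAP_ENTRY whose first member is BlockAddress; the key-node offsets (signature at 0x00, NameLength at 0x48, Name at 0x4C) follow the on-disk nk cell format. All addresses and key names in the sample image are invented.

```python
import struct

HBLOCK_SIZE = 0x1000             # registry hives are managed in 4 KiB blocks
HMAP_DIRECTORY_ENTRY_SIZE = 4    # assumed: 32-bit pointer to an _HMAP_TABLE
HMAP_ENTRY_SIZE = 16             # assumed XP x86 _HMAP_ENTRY: BlockAddress, BinAddress, CmView, MemAlloc


def split_cell_index(ci):
    """Decompose an HCELL_INDEX into (storage, directory, table, offset).

    Bit 31 selects stable (0) or volatile (1) storage, bits 30..21 index the
    HMAP_DIRECTORY (1024 slots), bits 20..12 index the HMAP_TABLE (512 slots)
    and bits 11..0 are the byte offset inside the 4 KiB block.
    """
    return (ci >> 31) & 1, (ci >> 21) & 0x3FF, (ci >> 12) & 0x1FF, ci & 0xFFF


def cell_index_to_file_offset(ci):
    """On disk a stable cell index is a plain offset from the first hbin,
    which follows the 4 KiB base block; volatile cells are never written."""
    if ci >> 31:
        raise ValueError("volatile cell index 0x%x has no on-disk location" % ci)
    return HBLOCK_SIZE + ci


class FakeMemory:
    """Byte-addressable stand-in for a memory image (constructed for this example)."""

    def __init__(self):
        self.bytes = {}

    def write(self, va, data):
        for i, b in enumerate(data):
            self.bytes[va + i] = b

    def read(self, va, n):
        return bytes(self.bytes.get(va + i, 0) for i in range(n))

    def u32(self, va):
        return struct.unpack("<I", self.read(va, 4))[0]


def cell_index_to_va(mem, storage_maps, ci):
    """Walk HHIVE.Storage[type].Map: directory slot -> table slot -> block address + offset."""
    storage, d, t, off = split_cell_index(ci)
    map_va = storage_maps[storage]
    table_va = mem.u32(map_va + d * HMAP_DIRECTORY_ENTRY_SIZE) if map_va else 0
    if not table_va:
        raise LookupError("directory slot %d of storage %d is not mapped" % (d, storage))
    block_va = mem.u32(table_va + t * HMAP_ENTRY_SIZE)   # _HMAP_ENTRY.BlockAddress
    if not block_va:
        raise LookupError("table slot %d is not mapped" % t)
    return block_va + off


def read_cell(mem, va):
    """A cell begins with a signed 32-bit size; negative means the cell is allocated."""
    size = struct.unpack("<i", mem.read(va, 4))[0]
    if size >= 0:
        raise ValueError("cell at 0x%x is free" % va)
    return mem.read(va + 4, -size - 4)


def key_name(cell):
    """Extract the name from an 'nk' (CM_KEY_NODE) cell body: NameLength at 0x48, Name at 0x4C."""
    if cell[:2] != b"nk":
        raise ValueError("not a key node cell")
    name_len = struct.unpack_from("<H", cell, 0x48)[0]
    return cell[0x4C:0x4C + name_len].decode("latin-1")


def build_nk_cell(name):
    """Build a minimal allocated 'nk' cell (size header + body, 8-byte aligned)."""
    body = bytearray(0x4C)
    body[0:2] = b"nk"
    struct.pack_into("<H", body, 0x48, len(name))
    body += name.encode("latin-1")
    size = (4 + len(body) + 7) & ~7
    body += b"\0" * (size - 4 - len(body))
    return struct.pack("<i", -size) + bytes(body)


def build_sample_image():
    """Constructed image: one stable map whose two blocks sit far apart in kernel VA space."""
    mem = FakeMemory()
    map_va, table_va = 0xE1010000, 0xE1020000
    block_vas = {0: 0xE1300000, 1: 0xE17F0000}      # table slots 0 and 1 are not adjacent in RAM
    mem.write(map_va, struct.pack("<I", table_va))  # HMAP_DIRECTORY[0] -> table
    for slot, block_va in block_vas.items():
        mem.write(table_va + slot * HMAP_ENTRY_SIZE, struct.pack("<IIII", block_va, block_va, 0, 0))
    mem.write(block_vas[0] + 0x20, build_nk_cell("Software"))   # first cell after the hbin header
    mem.write(block_vas[1] + 0x20, build_nk_cell("Microsoft"))
    return mem, (map_va, 0)                         # (stable map, volatile map unmapped)


def resolve_key(ci):
    """Translate a cell index in the sample image and return (virtual address, key name)."""
    mem, storage_maps = build_sample_image()
    va = cell_index_to_va(mem, storage_maps, ci)
    return va, key_name(read_cell(mem, va))


if __name__ == "__main__":
    for ci in (0x20, 0x1020):
        va, name = resolve_key(ci)
        print("cell 0x%08x: disk offset 0x%x, RAM address 0x%08x, key %r"
              % (ci, cell_index_to_file_offset(ci), va, name))
```

Cell indexes 0x20 and 0x1020 are 4 KiB apart on disk but resolve to blocks several megabytes apart in the sample image, which is exactly why a tool that reads a memory-resident hive with file offsets walks into unrelated data. A volatile index (bit 31 set) fails the lookup here because the constructed image has no volatile map; against a real image it must be resolved through Storage[1].Map, and its keys exist only in memory.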


Pages:

1787-1790

Online since:

January 2013


Copyright:

© 2013 Trans Tech Publications Ltd. All Rights Reserved
