Windows Registry Forensics
Tools Used: VMware Fusion, Registry Explorer, Registry Viewer
September 2025
- Conducted offline analysis of SYSTEM, SOFTWARE, SAM, SECURITY, DEFAULT, and NTUSER.DAT hives to reconstruct host and user activity
- Parsed key artifacts such as UserAssist, RunMRU, and network interfaces/DHCP to build a timestamped narrative linking registry paths to case findings
- Verified evidence integrity, documented reproducible workflows, and translated low-level hive data into clear, defensible conclusions