ETRI-Knowledge Sharing Platform


Details

Conference paper: Windows Registry and Hiding Suspects' Secret in Registry
Cited 7 times in Scopus. Downloaded 0 times.
Authors
김영수, 홍도원
Publication date
200804
Source
International Conference on Information Security and Assurance (ISA) 2008, pp.393-398
DOI
https://dx.doi.org/10.1109/ISA.2008.8
Funded project
08MS2600, Development of a Digital Forensic System Guaranteeing Information Transparency, 홍도원
Abstract
The Windows registry, a central repository for configuration data, should be investigated to obtain forensic evidence, since it contains a lot of information that is of potential evidential value. Using some forensic tools, forensic examiners can investigate values of the Windows registry and get information that can be forensic evidence. However, since the Windows registry contains a huge amount of values and these values can be modified by users, a suspect can hide his secret, like a password, in registry values. In this paper, we discuss the basics of the Windows XP registry and extract some registry entries related to forensic analysis. Finally, we show that some countermeasures are needed, listing consideration items for hiding secrets in the registry from the suspect's viewpoint. © 2008 IEEE.
KSP suggested keywords
Configuration data, Forensic Analysis, Windows registry, forensic tool