Windows registry analysis for forensic purpose / Riziana Ibrahim

The cyber attack is a severe attack that might cause harm especially to the big organization. It is therefore the attacks need to be fight and stop. The attack comes in various approach and forms. One of it is through the channel of remote access. Many organizations nowadays had allowed the remote access due to the flexibility of their staffs working from home. Without conscious on the vulnerability, this organization continues to be susceptible to attack. Attacks can be initiated either by insider or outsider. The insider of course will have much more advantage assuming that they already know the organization's structure and passwords to the machine. One of the attacks that are top to be planted on the machine is spyware. This spyware is very useful to the attacker and very harmful to the machine's owner. In the event of an attack, an investigation must be carried out. The main purpose of investigation is to inspect the illegal activities and to get the potential evidence. In this study, Windows registry analysis was made on the Windows 7 Home Enterprise (32 bit) platform. The study was focused to identify the existence of unwanted application of the Virtual Network Computing (VNC) and keylogger application. The outcome of this study is the artifacts of the registry values in correlation to the user activities.