the . .
|−|* Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [http://www. dfrws.org/2008/proceedings/p33-morgan.pdf [paper]] [http://www.dfrws.org/2008/proceedings/p33-morgan_pres.pdf [slides]] |+|
|−|* [http://www.pkdavies.co.uk/documents/Computer_Forensics/registry_examination.pdf |+|
| || |
|−|* [http://dfrws.org/2008/proceedings/p26-dolan-gavitt.pdf Forensic Analysis of the Windows Registry in Memory], Brendan Dolan-Gavitt, DFRWS 2008 [http://dfrws.org/2008/proceedings/p26-dolan-gavitt_pres.pdf [slides]] |+|
|−|* [http://www.pkdavies.co.uk/documents/Computer_Forensics/registry_examination.pdf Forensic Analysis of the Windows Registry], Peter Davies, Computer Forensics: Coursework 2 (student paper) |+|
|−|* [http://eptuners.com/forensics/A%20Windows%20Registry%20Quick%20Reference.pdf A Windows Registry Quick-Reference], Derrick Farmer, Burlington, VT. |+|
| || |
|−|* [http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B7CW4-4GX1J3B-1&_user=3326500&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000060280&_version=1&_urlVersion=0&_userid=3326500&md5=ab887593e7be6d5257696707886978f1 The Windows Registry as a forensic resource], Digital Investigation, Volume 2, Issue 3, September 2005, Pages 201--205. |+|
| || |
|−|* [http://www.forensicfocus.com/downloads/forensic- analysis- windows- registry. pdf Forensic Analysis of the Windows Registry], Lih Wern Wong , School of Computer and Information Science, Edith Cowan University |+|
. Forensic of the , of
| || |
|−|* [http://www. sentinelchicken.com/research/registry_format/ The Windows NT Registry File Format], Timothy D. Morgan |+|
. The , .
| || |
|−|===Open Source=== |+|
|−|* [http://sourceforge. net/projects/regviewer/ regviewer] -- a tool for looking at the registry. |+|
|−|* [http://www. regripper.net/ RegRipper] --- "the fastest, easiest, and best tool for registry analysis in forensics examinations." |+|
|−|* [http://www.abexo.com/free-registry-cleaner.htm Abexo Free Regisry Cleaner] |+|
|−|* [http://www.auslogics.com/registry-defrag Auslogics Registry Defrag] |+|
|−|* [http://lastbit.com/arv/ Alien Registry Viewer] |+|
|−|* [http://www.larshederer.homepage.t-online.de/erunt/index.htm NT Registry Optimizer] |+|
|−|* [http://www.registry-clean.net/free-registry-defrag.htm iExpert Software-Free Registry Defrag] |+|
|−|* [http://paullee.ru/regundel Registry Undelete (russian) ] |+|
|−|* [http://mitec.cz/wrr.html Windows Registry Recovery] |+|
|−|* [http://registrytool.com/ Registry Tool] |+|
| || |
|−|==See Also== |+|
|−|* [http:// windowsir. blogspot. com/ search/ label/Registry Windows Incident Response Articles on Registry] |+|
|−|* [http://www. answers. com/ topic/ win-registry Windows Registry Information] |+|
|−|* [http:// en. wikipedia.org/ wiki/Windows_Registry Wikipedia Article on Windows Registry] |+|
|−|* [http:// moyix. blogspot. com/ search/ label/registry Push the Red Button] - Articles on Registry |+|
Revision as of 21:19, 8 March 2007
This page describes internship opportunities in the field of computer forensics. Please feel free to add your own.
By Chet Uber, March 8, 2007
In the Nebraska Cyber Crime Task Force and issue arose which stopped college students from being allowed to work as interns and this was that they do not have the formal training that official forensic officers do; and can damage critical evidence. This was a valid comment by the director of the State Patrol's Forensic Lab. A number of is in the room ran through ways to do away with this potential problem (please note this is not at all related to releasing confidential information, but rather the destruction of the original foresnic evidence.
A SOULTION THAT WORKS
The disk is duplicated, and the duplicate is given to the Universities Forensic Lab Manager, who assigns cases. The intern then performs forensics and records offsets, or other methods to form a "recipe" to find what they found. This receipe can then be passed back to Law Enforcement and they can recreate the examination. This method saves LE a lot of time, and gives good experience to not just one student intern, but can be given to many interns. For more information on this novel solution contact:
Dr. Blaine Burnham (firstname.lastname@example.org)
Executive Director, Nebraska University Consortium on Information Assurance
Dr. Burnham is the Director of NUCIA and a Senior Research Fellow for the College of Information Science and Technology. Most recently, he was the Director of the Georgia Tech Information Security Center. Previously, Burnham worked in a variety of information assurance roles at the National Security Agency (NSA), Los Alamos National Laboratory, and Sandia Laboratory.
To see the top class labs that are available at this institution see:
1. Check out this page: http://www.rit.edu/~gtfsbi/forensics/internships.htm it has a load of internships although all are not stipend paying
2. Internet Crimes Against Children. ICAC has offices in almost every state.
3. Check with companies that do computer forensics. Examples include Kroll and Pinkerton.
4. Explore the Scholarship for Service and Scholarship for Work programs offered by the US Government.
Vermont ICAC (Internet Crimes Against Children). http://www.vtspecialcrimes.org/
Vermont State Patrol. They are almost always understaffed, and may have suggestions working with Counties and Cities. It requires a that you are not a felon and can pass a 7-year background check -- but a lot of places are so backlogged they are putting on reserve deputies to work cyber crime. http://www.dps.state.vt.us/vtsp/bci.html