Difference between pages "Upcoming events" and "Windows Registry"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Conferences)
 
m (Open Source)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
==Bibliography==
Events should be posted in the correct section, and in date order. An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training). When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
* [http://www.dfrws.org/2009/proceedings/p69-zhu.pdf Using ShellBag Information to Reconstruct User Activities.], Yuandong Zhu*, Pavel Gladyshev, Joshua James, DFRWS 2009
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions should be noted when known.</i>
+
* Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p33-morgan.pdf [paper]] [http://www.dfrws.org/2008/proceedings/p33-morgan_pres.pdf [slides]]
 +
* [http://www.pkdavies.co.uk/documents/Computer_Forensics/registry_examination.pdf Registry Examination, by Paul Davies]
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
* [http://dfrws.org/2008/proceedings/p26-dolan-gavitt.pdf Forensic Analysis of the Windows Registry in Memory], Brendan Dolan-Gavitt, DFRWS 2008  [http://dfrws.org/2008/proceedings/p26-dolan-gavitt_pres.pdf [slides]]
 +
* [http://www.pkdavies.co.uk/documents/Computer_Forensics/registry_examination.pdf Forensic Analysis of the Windows Registry], Peter Davies, Computer Forensics: Coursework 2 (student paper)
 +
* [http://eptuners.com/forensics/A%20Windows%20Registry%20Quick%20Reference.pdf A Windows Registry Quick-Reference], Derrick Farmer, Burlington, VT.
  
This listing is divided into four sections (described as follows):<br>
+
* [http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B7CW4-4GX1J3B-1&_user=3326500&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000060280&_version=1&_urlVersion=0&_userid=3326500&md5=ab887593e7be6d5257696707886978f1 The Windows Registry as a forensic resource], Digital Investigation, Volume 2, Issue 3, September 2005, Pages 201--205.
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format (start anytime) or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
+
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locations. This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Provider, URL) (''note: this has been moved to its own page.'')<br></li></ol>
+
  
== Calls For Papers ==
+
* [http://www.forensicfocus.com/downloads/forensic-analysis-windows-registry.pdf Forensic Analysis of the Windows Registry], Lih Wern Wong , School of Computer and Information Science, Edith Cowan University
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
* [http://www.sentinelchicken.com/research/registry_format/ The Windows NT Registry File Format], Timothy D. Morgan
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|23rd Computer Security Foundations Symposium
+
|Feb 04, 2010
+
|Mar 19, 2010
+
|http://www.floc-conference.org/CSF-cfp.html
+
|-
+
|USENIX Security Symposium 2010
+
|Feb 05, 2010
+
|Jul 05, 2010
+
|http://www.usenix.org/events/sec10/cfp/
+
|-
+
|Seventh GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment
+
|Feb 05, 2010
+
|Apr 05, 2010
+
|http://dimva2010.fkie.fraunhofer.de/cfp-dimva2010.pdf
+
|-
+
|7th International Symposium on Risk Management and Cyber-Informatics: RMCI 2010
+
|Feb 10, 2010
+
|Mar 03, 2010
+
|http://www.iiis2010.org/wmsci/Contents/CallForPapers-RMCI-2010.pdf
+
|-
+
|Thirtieth Annual International Cryptology Conference
+
|Feb 18, 2010
+
|Apr 30, 2010
+
|http://www.iacr.org/conferences/crypto2010/cfp.php
+
|-
+
|2010 Conference on Digital Forensics, Security and Law
+
|Feb 19, 2010
+
|
+
|http://www.digitalforensics-conference.org/callforpapers.htm
+
|-
+
|Digital Forensic Research Workshop (DFRWS) 2010
+
|Feb 28, 2010
+
|Apr 05, 2010
+
|http://dfrws.org/2010/cfp.shtml
+
|-
+
|Blackhat Europe 2010
+
|Mar 01, 2010
+
|
+
|http://blackhat.com/html/bh-eu-10/registration/bh-eu-10-cfp.html
+
|-
+
|Symposium On Usable Privacy and Security
+
|Mar 05, 2010
+
|Apr 30, 2010
+
|http://cups.cs.cmu.edu/soups/2010/cfp.html
+
|-
+
|20th Virus Bulletin International Conference
+
|Mar 05, 2010
+
|
+
|http://www.virusbtn.com/conference/vb2010/call/index
+
|-
+
|European Symposium on Research in Computer Security
+
|Apr 01, 2010
+
|Jun 10, 2010
+
|http://www.esorics2010.org/index.php?option=com_content&view=article&id=1&Itemid=3
+
|-
+
|13th Annual Recent Advances in Intrusion Detection
+
|Apr 04, 2010
+
|Jun 07, 2010
+
|http://www.raid2010.org/calls-for-participation
+
|-
+
|6th International Conference on Security and Privacy in Communication Networks
+
|Apr 05, 2010
+
|May 31, 2010
+
|http://www.securecomm.org/cfp.shtml
+
|-
+
|ACM Computer and Communications Security Conference
+
|Apr 17, 2010
+
|Jun 21, 2010
+
|http://www.sigsac.org/ccs/CCS2010/cfp.shtml
+
|-
+
|2010 IEEE International Conference on Technologies for Homeland Security
+
|Apr 24, 2010
+
|
+
|http://ieee-hst.org/
+
|-
+
|2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
+
|May 01, 2010
+
|Jun 15, 2010
+
|http://www.d-forensics.org/callforpapers.shtml
+
|-
+
|2nd International Workshop on Security in Cloud Computing (SCC'2010)
+
|May 01, 2010
+
|Jun 07, 2010
+
|http://bingweb.binghamton.edu/~ychen/SCC2010.htm
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
==File Locations==
 +
===Windows XP===
 +
* HKEY_USERS: \Documents and Setting\User Profile\NTUSER.DAT
 +
* HKEY_USERS/DEFAULT: \Windows\system32\config\default
 +
* HKEY_LOCAL_MACHIN/SAM: \Windows\system32\config\SAM
 +
* HKEY_LOCAL_MACHINE/SECURITY: \Windows\system32\config\SECURITY
 +
* HKEY_LOCAL_MACHINE/SOFTWARE: \Windows\system32\config\software
 +
* HKEY_LOCAL_MACHINE/SYSTEM: \Windows\system32\config\system
  
== Conferences ==
+
===Windows 98/ME===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
* \Windows\user.dat
|- style="background:#bfbfbf; font-weight: bold"
+
* \Windows\system.dat
! width="40%"|Title
+
* \Windows\profiles\user profile\user.dat
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|DoD Cyber Crime Conference
+
|Jan 22-29<br>St. Louis, MO
+
|http://www.dodcybercrime.com/10CC/
+
|-
+
|ShmooCon VI
+
|Feb 05-07<br>Washington, DC
+
|http://www.shmoocon.org
+
|-
+
|International Conference on Technical and Legal Aspects of the e-Society
+
|Feb 10-15<br>St. Maarten, Netherlands Antilles
+
|http://www.iaria.org/conferences2010/CYBERLAWS10.html
+
|-
+
|Third International Workshop on Digital Forensics
+
|Feb 15-18<br>Krakow, Poland
+
|http://www.ares-conference.eu/conf/index.php/workshops/wsdf
+
|-
+
|American Academy of Forensic Sciences Annual Meeting
+
|Feb. 22-27<br>Seattle, WA
+
|http://www.aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
|-
+
|17th Network and IT Security Conference
+
|Feb 38-Mar 03<br>San Diego, CA
+
|http://www.isoc.org/isoc/conferences/ndss/10/
+
|-
+
|RSA Conference 2010
+
|Mar 01-05<br>San Francisco, CA
+
|http://www.rsaconference.com/2010/usa/index.htm
+
|-
+
|CanSecWest 2010
+
|Mar 22-26<br>Vancouver, British Columbia, Canada
+
|http://cansecwest.com/index.html
+
|-
+
|Blackhat Europe 2010
+
|Apr 12-15<br>Barcelona, Spain
+
|http://blackhat.com/html/bh-eu-10/bh-eu-10-home.html
+
|-
+
|31st IEEE Symposium on Security and Privacy
+
|May 16-19<br>Oakland, CA
+
|http://oakland31.cs.virginia.edu/
+
|-
+
|AusCERT Asia Pacific Information Security Conference
+
|May 16-21<br>Kenmore Hills, Queensland, Australia
+
|http://conference.auscert.org.au/conf2010/index.html
+
|-
+
|Conference on Digital Forensics, Security and Law 2010
+
|May 19-21<br>St. Paul, MN
+
|http://www.digitalforensics-conference.org/index.htm
+
|-
+
|Blackhat Abu Dhabi 2010
+
|May 30-Jun 02<br>Abu Dhabi, UAE
+
|http://blackhat.com/html/events.html
+
|-
+
|Techno-Security 2010
+
|Jun 06-09<br>Myrtle Beach, SC
+
|http://www.thetrainingco.com/html/Security_Conference_2010.html
+
|-
+
|7th International Symposium on Risk Management and Cyber-Informatics
+
|Jun 29-Jul 02<br>Orlando, FL
+
|http://www.2010iiisconferences.org/RMCI
+
|-
+
|Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment
+
|Jul 08-09<br>Bonn, Germany
+
|http://dimva2010.fkie.fraunhofer.de/
+
|-
+
|Symposium On Usable Privacy and Security
+
|Jul 14-16<br>Redmond, WA
+
|http://cups.cs.cmu.edu/soups/2010/
+
|-
+
|CSF 2010 - 23rd Computer Security Foundations Symposium
+
|Jul 17-19<br>Edinburgh, Scotland, UK
+
|http://www.floc-conference.org/CSF-home.html
+
|-
+
|Blackhat USA 2010
+
|Jul 24-29<br>Las Vegas, NV
+
|http://blackhat.com/html/events.html
+
|-
+
|Digital Forensic Research Workshop (DFRWS) 2010
+
|Aug 02-04<br>Portland, OR
+
|http://dfrws.org/2010/
+
|-
+
|19th USENIX Security Symposium
+
|Aug 11-13(br>Washington, DC
+
|http://www.usenix.org/events/sec10/
+
|-
+
|30th International Cryptology Conference
+
|Aug 15-19<Santa Barbara, CA
+
|http://www.iacr.org/conferences/crypto2010/
+
|-
+
|6th International Conference on Security and Privacy in Communication Networks
+
|Sep 07-10<br>Singapore
+
|http://www.securecomm.org/index.shtml
+
|-
+
|2nd International Workshop on Security in Cloud Computing (SCC'2010)
+
|Sep 13-16<br>San Diego, CA
+
|http://bingweb.binghamton.edu/~ychen/SCC2010.htm
+
|-
+
|13th International Symposium on Recent Advances in Intrusion Detection
+
|Sep 15-17<br>Ottowa, Ontario, Canada
+
|http://www.raid2010.org/
+
|-
+
|European Symposium on Research in Computer Security
+
|Sep 20-22<br>Athens, Greece
+
|http://www.esorics2010.org/
+
|-
+
|2010 HTCIA International Training Conference & Exposition
+
|Sep 20-22<br>Atlanta, GA
+
|http://www.htciaconference.org/
+
|-
+
|VB2010 Fighting malware and spam
+
|Sep 29-Oct 01<br>Vancouver, BC, Canada
+
|http://www.virusbtn.com/conference/vb2010/
+
|-
+
|17th ACM Computer and Communications Security Conference
+
|Oct 04-08<br>Chicago, IL
+
|http://www.sigsac.org/ccs/CCS2010/
+
|-
+
|2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
+
|Oct 04-06<br>Abu Dhabi, UAE
+
|http://www.d-forensics.org/
+
|-
+
|Techno Forensics 2010
+
|Oct 25-26<br>Gaithersburg, MD
+
|http://www.techsec.com/html/TechnoForensics2010.html
+
|-
+
|2010 IEEE International Conference on Technologies for Homeland Security
+
|Nov 08-10<br>Waltham, MA
+
|http://ieee-hst.org/
+
|-
+
|IFIP Working Group 11.9 - Digital Forensics
+
|January 2011<br>Unknown
+
|http://www.ifip119.org/Conferences/
+
|-
+
|}
+
  
== On-going / Continuous Training ==
+
==Tools==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
===Open Source===
|- style="background:#bfbfbf; font-weight: bold"
+
* [http://projects.sentinelchicken.org/reglookup/ reglookup] — "small command line utility for reading and querying Windows NT-based registries."
! width="40%"|Title
+
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
! width="20%"|Date/Location
+
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
! width="40%"|Website
+
* [http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.51/lib/Parse/Win32Registry.pm Parse::Win32Registry] perl module.
|-
+
 
|- style="background:pink;align:left"
+
===Commercial===
! DISTANCE LEARNING
+
* [http://www.abexo.com/free-registry-cleaner.htm Abexo Free Regisry Cleaner]
|-
+
* [http://www.auslogics.com/registry-defrag Auslogics Registry Defrag]
|Basic Computer Examiner Course - Computer Forensic Training Online
+
* [http://lastbit.com/arv/ Alien Registry Viewer]
|Distance Learning Format
+
* [http://www.larshederer.homepage.t-online.de/erunt/index.htm NT Registry Optimizer]
|http://www.cftco.com
+
* [http://www.registry-clean.net/free-registry-defrag.htm iExpert Software-Free Registry Defrag]
|-
+
* [http://paullee.ru/regundel Registry Undelete (russian)]
|Linux Data Forensics Training
+
* [http://mitec.cz/wrr.html Windows Registry Recovery]
|Distance Learning Format
+
* [http://registrytool.com/ Registry Tool]
|http://www.crazytrain.com/training.html
+
|-
+
|SANS On-Demand Training
+
|Distance Learning Format
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|Champlain College - CCE Course
+
|Online / Distance Learning Format
+
|http://extra.champlain.edu/cps/wdc/alliances/cce/landing/
+
|-
+
|Las Positas College
+
|Online Computer Forensics Courses
+
|http://www.laspositascollege.edu
+
|-
+
|- style="background:pink;align:left"
+
!RECURRING TRAINING
+
|-
+
|MaresWare Suite Training
+
|First full week every month<br>Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Evidence Recovery for Windows Vista&trade;
+
|First full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2003 R2
+
|Second full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for the Windows XP&trade; operating system
+
|Third full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|Third weekend of every month(Fri-Mon)<br>Dallas, TX
+
|http://www.md5group.com
+
|-
+
|}
+
  
 
==See Also==
 
==See Also==
* [[Scheduled Training Courses]]
+
* [http://windowsir.blogspot.com/search/label/Registry Windows Incident Response Articles on Registry]
==References==
+
* [http://www.answers.com/topic/win-registry Windows Registry Information]
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
* [http://en.wikipedia.org/wiki/Windows_Registry Wikipedia Article on Windows Registry]
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
[[Category:Bibliographies]]
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
* [http://moyix.blogspot.com/search/label/registry Push the Red Button] — Articles on Registry
 +
* [http://tech.groups.yahoo.com/group/win4n6/ Windows Forensics Mailing List]
 +
* [http://samba.org/~jelmer/kregedit/ kregedit] - a KDE utility for viewing and editing registry files.
 +
* [http://www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/ntreg_readme.cfm ntreg] a file system driver for linux, which understands the NT registry file format.
 +
 
 +
 
 +
* http://www.opensourceforensics.org/tools/unix.html - Open Source Forensic Tools on Brian Carrier's website.

Revision as of 11:54, 1 January 2010

Contents

Bibliography

File Locations

Windows XP

  • HKEY_USERS: \Documents and Setting\User Profile\NTUSER.DAT
  • HKEY_USERS/DEFAULT: \Windows\system32\config\default
  • HKEY_LOCAL_MACHIN/SAM: \Windows\system32\config\SAM
  • HKEY_LOCAL_MACHINE/SECURITY: \Windows\system32\config\SECURITY
  • HKEY_LOCAL_MACHINE/SOFTWARE: \Windows\system32\config\software
  • HKEY_LOCAL_MACHINE/SYSTEM: \Windows\system32\config\system

Windows 98/ME

  • \Windows\user.dat
  • \Windows\system.dat
  • \Windows\profiles\user profile\user.dat

Tools

Open Source

  • reglookup — "small command line utility for reading and querying Windows NT-based registries."
  • regviewer — a tool for looking at the registry.
  • RegRipper — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
  • Parse::Win32Registry perl module.

Commercial

See Also


Retrieved from "http://www.forensicswiki.org/w/index.php?title=Upcoming_events&oldid=4507"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox