Davgro - Canadian reseller of AccessData, Paraben and CacheBack forensic software tools.

AccessData Windows Forensics - REGISTRY Training

Government and Law Enforcement...................................................US $1,995
Corporate and Private Sector...........................................................US $2,495

In the continually evolving Windows Forensics series, the Windows registry continues to be a major source of Windows related artifact and information storage. Having the proper knowledge of registry based artifacts can make or break an investigation. In this course, attendees will utilize AccessData technology while being exposed to:

Registry hive, cell and "hbin" block construction
Live registry file capture from a Windows environment
Carving registry key information from dumped memory files
Registry testing, analysis and reporting technology
Registry back-ups (system Volume Information and Restore Points)
Tracking Trojan Horse programs through a suspect registry
Tracking file associations and class ID information
Analyzing mounted device association (USB and other devices)
Discovering machine compromise through registry infiltration