Often overlooked by examiners, the forensic analysis of the Windows 7 Registry can provide investigators with a wealth of potential  probative information. Registry analysis can be performed either on a live system or post mortem. Information concerning malware exploitation, Internet search terms, USB devices which have been attached to the computer and when, a list of most recently used files, wireless network connections and so forth can be found within the Registry. The presentation will provide an overview of Windows 7 Registry Forensics, focusing upon specific Registry Keys and the information that they can provide an investigator.

Bio:
John Barbara

John Barbara retired from the FDLE crime laboratory in Tampa where he supervised the Digital Evidence section.  He is the owner/manager of Digital Forensics Consulting, LLC and a Board member of the Tampa Bay Chapter of InfraGard.  John is a member of the Editorial Advisory Board for Forensic Magazine and writes the "Digital Forensics Insider" column.  He is also the Editor of the "Handbook of Digital and Multimedia Forensic Evidence".