
Obtaining forensic information when examining the registry

Authors: Skachkova A.P.
Published in issue: #4(57)/2021
DOI: 10.18698/2541-8009-2021-4-693


Category: Jurisprudence | Chapter: Criminal Law and Criminology

Keywords: registry, operating system, Windows, forensics, forensic information, software, research, UNIX system
Published: 27.04.2021

The paper is devoted to the methods and means of studying the system registry of the Windows operating system (OS). Windows registry keys containing forensic information are highlighted. A list of specialized software that automates the expert's work when examining the registry is given. Specific expert tasks are considered, such as determining the date of the OS installation, identifying the users registered in the OS, compiling a list of external drives connected to the computer, and establishing whether application programs were launched from external devices. The methodological recommendations for examining the Windows registry outlined in the paper will help experts conduct their research quickly and thoroughly, which will contribute to the detection, investigation and prevention of crimes.

