Getting Started With The Windows Registry
https://www.tcm.rocks/psap-y - We have several blue team certifications and are working on more training materials for the future! Check them out over at our website.

The Windows Registry is artifact-rich - a literal treasure trove for evidence. But it's huge, and it's dense. So where do you even begin? Andrew Prince breaks down the Registry in this video and shows you how it can become one of the most powerful tools in your investigative toolkit. This video also includes a practical example of hunting for malware that is hiding directly inside of the Windows Registry.

Like this video? Subscribe to never miss a new content drop from the TCMS team!

#dfir #malware #blueteam #cybersecurity #digitalforensics #threathunting

Sponsor a Video: https://www.tcm.rocks/Sponsors
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://www.tcm.rocks/acad-y
Get Certified: https://www.tcm.rocks/certs-y
Merch: https://www.bonfire.com/store/tcm-sec...

Timestamps:
0:00 - Introduction
1:01 - Basic Registry Terminology
2:33 - Registry Hives
5:44 - Live and Offline Registry Hives
7:14 - MRU Lists and Timestamps
8:28 - Value Data Types
10:00 - Malware Demo
17:45 - Conclusion


