TRACKING ACTIVITY on WINDOWS | Windows Registry Analysis


Post by admin »

The purpose of this article is to give you an understanding of the Windows Registry and the large amount of information it contains. Today it is important for most administrators and forensic analysts.

LINKS

https://gbhackers-com.cdn.ampproject.or ... ystem/amp/




Extra Info

The HKEY_CLASSES_ROOT hive contains configuration information relating to which application is used to open various files on the system.
The HKEY_CURRENT_USER hive is the active, loaded user profile for the currently logged-on user.
HKEY_LOCAL_MACHINE contains a vast amount of configuration information for the system, including hardware settings and software settings.
HKEY_USERS contains all the actively loaded user profiles for that system.
HKEY_CURRENT_CONFIG contains the hardware profile the system uses at startup.

Examples:

An MRU, or "most recently used", list contains entries made due to specific actions
performed by the user. There are numerous MRU lists throughout various Registry keys.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Explorer\RunMRU


This key stores the contents of the product and device ID values of any USB devices that have ever been connected to the system.
HKEY_LOCAL_MACHINE\SYSTEM\controlset001\Enum\USBSTOR


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs


Attached Hardware:

Navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices. This information can be useful
to a forensic examiner as it shows any connected storage device that has been recognized by the operating system.
If the examiner notes a discrepancy between the physically attached devices and the ones reported here,
it can be an indication that some device was removed prior to the evidence being seized.
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices


HKEY_CURRENT_USER\Software\


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps


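For the RunMRU key listed above, Windows stores each Run-dialog command in a letter-named value ending in `\1`, and the `MRUList` value gives the letters in most-recent-first order. The following is an added example, not part of the original post, that rebuilds that order from `reg query` text output; the sample data is constructed, the function names are hypothetical, and the four-space column layout of `reg query` is an assumption.

```python
import re

# Constructed sample (not from a real system) in the layout printed by:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    a    REG_SZ    cmd\1
    MRUList    REG_SZ    cbda
    b    REG_SZ    regedit\1
    c    REG_SZ    \\fileserver\share\1
    d    REG_SZ    notepad C:\Users\alice\notes.txt\1
"""

# Assumed layout: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(\S+)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_values(text):
    """Return {value_name: data} for each value line of `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1)] = match.group(3)
    return values

def run_mru_history(text):
    """Return (letter, command) pairs, most recent first, following MRUList."""
    values = parse_values(text)
    history = []
    for letter in values.get("MRUList", ""):
        data = values.get(letter)
        if data is not None and data.endswith("\\1"):
            data = data[:-2]  # each entry is stored with a trailing "\1"
        # data stays None when MRUList names a value that no longer exists,
        # a gap the examiner should record.
        history.append((letter, data))
    return history

def unlisted_values(text):
    """Return letter-named values present in the key but absent from MRUList."""
    values = parse_values(text)
    order = values.get("MRUList", "")
    return sorted(n for n in values if n != "MRUList" and n not in order)

if __name__ == "__main__":
    for letter, command in run_mru_history(SAMPLE):
        print(letter, command)
```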



 
