Alt3rn4tiv3's Tech Blog

Deleted Keys from the Windows Registry

04/03/08

Permalink 10:40:33 pm, by alt3rn4tiv3 Email , 87 words,
Categories: Software

Deleted Keys from the Windows Registry

Just a quick Did-You-Know bite here. I found this piece of paper which I scribbled some notes on when I was browsing through some forensics book last year (probably).

“Deleted” registry entries are not removed until the registry file size exceeds 500kb, or until regedit /opt is typed, because it will take too much time and processing power to rewrite and compress the registry each time an entry is removed.

Two additional recommended readings are -
Discovery of Computer Data (Link Gone)
Forensic Computer Analysis: An Introduction

PermalinkPermalink Leave a commentTrackback (0)

Trackback address for this post:

http://altblog.searix.net/comtrack/trackback.php/79

Comments, Trackbacks, Pingbacks:

No Comments/Trackbacks/Pingbacks for this post yet...

This post has 1 feedback awaiting moderation...

Leave a comment:

Your email address will not be displayed on this site.
Your URL will be displayed.

Allowed XHTML tags: <p, ul, ol, li, dl, dt, dd, address, blockquote, ins, del, span, bdo, br, em, strong, dfn, code, samp, kdb, var, cite, abbr, acronym, q, sub, sup, tt, i, b, big, small>
(Line breaks become <br />)
(Set cookies for name, email and url)
(Allow users to contact you through a message form (your email will NOT be displayed.))

Alt3rn4tiv3's Tech Blog


Like my blog?

November 2008
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            

Search




Categories

Archives

Misc

XML Feeds

What is RSS?

Links

Who's Online?

  • Guest Users: 4

Google Ads

Other Ads

PayPerPost

Hire Me Direct

Valid XHTML 1.0 Transitional

Valid CSS!

Add to Technorati Favorites

feedNuts Feed Profile

powered by b2evolution free blog software