DOI: 10.1145/1529282.1529476
research-article

On the persistence of deleted windows registry data structures

Published: 08 March 2009

Abstract

Deleted entries in the Windows Registry remain in the hives that contain them but their space is marked as free for future use. In this paper we analyse the fragmentation of these deallocated blocks and how long they persist by surveying a number of hives over a long period of time. We formalise retrieval of data and define 'consistency' with respect to deleted keys. We illustrate how uninstallation programs may inadvertently corrupt the keys they are deleting in the uninstallation process by analysing the keys during the uninstallation of a popular media software suite.
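
An added illustration of the abstract's first sentence (not code from the paper): walking the cells of one hive bin and listing the deallocated ones that still begin with a key record. It assumes the publicly documented hive layout, in which every cell starts with a signed 32-bit size that is negative while allocated and positive once freed, and key nodes carry the signature `nk`; the sample bin and its simplified records are constructed.

```python
import struct

HBIN_HEADER = 32  # bytes; an hbin starts with b"hbin", then its offset and size

def make_cell(payload, allocated):
    """Build one cell: int32 size (negative = in use), payload, padded to 8 bytes."""
    size = (4 + len(payload) + 7) & ~7
    body = payload.ljust(size - 4, b"\x00")
    return struct.pack("<i", -size if allocated else size) + body

def make_hbin(cells, total=4096):
    """Constructed sample bin: header, the given cells, remainder as one free cell."""
    used = HBIN_HEADER + sum(len(c) for c in cells)
    header = struct.pack("<4sII", b"hbin", 0, total).ljust(HBIN_HEADER, b"\x00")
    tail = struct.pack("<i", total - used).ljust(total - used, b"\x00")
    return header + b"".join(cells) + tail

def free_cells(hbin):
    """Walk the cells of one bin; return (offset, size, signature) for free ones."""
    magic, _offset, bin_size = struct.unpack_from("<4sII", hbin, 0)
    if magic != b"hbin" or bin_size > len(hbin):
        raise ValueError("not a complete hbin")
    found, pos = [], HBIN_HEADER
    while pos + 4 <= bin_size:
        (raw,) = struct.unpack_from("<i", hbin, pos)
        size = abs(raw)
        # A zero, misaligned or overrunning size means the cell chain is corrupt.
        if size < 8 or size % 8 or pos + size > bin_size:
            raise ValueError(f"bad cell size {raw} at offset {pos:#x}")
        if raw > 0:  # positive size: deallocated, contents left in place
            found.append((pos, size, hbin[pos + 4:pos + 6]))
        pos += size
    return found

def deleted_key_candidates(hbin):
    """Free cells that still begin with the 'nk' key-node signature."""
    return [(off, size) for off, size, sig in free_cells(hbin) if sig == b"nk"]

# Constructed sample: a live key, a deleted key whose bytes remain, a live value.
SAMPLE = make_hbin([
    make_cell(b"nk" + b"\x20\x00" + b"LiveKey", allocated=True),
    make_cell(b"nk" + b"\x20\x00" + b"RemovedApp", allocated=False),
    make_cell(b"vk" + b"\x00\x00" + b"Setting", allocated=True),
])
```

This checks only the first bytes of each free cell; record fragments that sit deeper inside a larger free cell need a separate signature scan of the cell's contents.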


Cited By

  • (2012) A Novel Methodology for Malware Intrusion Attack Path Reconstruction. Digital Forensics and Cyber Crime, pp. 131-140. DOI: 10.1007/978-3-642-35515-8_11. Online publication date: 2012

Published In

SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing
March 2009
2347 pages
ISBN: 9781605581668
DOI: 10.1145/1529282
Publisher

Association for Computing Machinery

New York, NY, United States

Conference

SAC09
SAC09: The 2009 ACM Symposium on Applied Computing
March 8, 2009 - March 12, 2008
Hawaii, Honolulu

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
