Registry Analysis Workshop
Course details
Description
Forensic investigation often requires understanding whether a particular computer system has been used to commit an offence. This workshop provides participants with the necessary skills to forensically analyse registry database files within the Microsoft Windows operating system. Participants use hands-on exercises to interpret registry key values, whether they are the results of deliberate actions of a computer user, or form part of automated computer processes in operation.
Format and delivery
- Length of course
- 4 days
- Class size
- maximum 20 participants
- Delivery setting
- computer classroom
Learning outcomes
- Understanding the purpose and value of registry files.
- Ability to use different techniques to locate and verify registry data content.
- Ability to extract and interpret registry file information on running computer systems.
- Ability to conduct a preliminary on-scene live examination of registry files.
- Understanding how to interpret registry data that explains the presence of externally connected devices.
- Ability to extract and interpret information/evidence from older backup copies of registry files.
- Knowledge of software programs frequently used.
Eligibility and mandatory requirements
- Registrants must have completed the Computer Forensic Examiner (CMPFOR) course.
- Acceptance or refusal in the course is at the discretion of the Canadian Police College.
Assessment
- Success in the course is based on participation and completion of all required assignments.
Contact
For more details or other information about the course, please email cpc_registrar-registraire_ccp@rcmp-grc.gc.ca.
- Date modified: