f:["$","$L17",null,{"module":{"slug":"module-4","title":"Windows Forensics: Registry","description":"Analyzing the Windows Registry for user activity, USB history, and autoruns.","order":4,"sections":[{"id":"hives","title":"Registry Hives","type":"content","content":"\n

The Windows Registry is a hierarchical database storing system and user settings.

\n HKEY_LOCAL_MACHINE\\SYSTEM - System configuration\n

\n HKEY_CURRENT_USER\\Software - User-installed apps\n

\n NTUSER.DAT - User-specific settings\n

\n "},{"id":"usb","title":"USB History","type":"content","content":"\n

Tracking USB Devices

\n Every USB device leaves a trace in the registry.\n
\n Key: SYSTEM\\CurrentControlSet\\Enum\\USBSTOR\n

\n "},{"id":"quiz","title":"Registry Quiz","type":"quiz","quizQuestions":[{"id":1,"type":"true-false","question":"The Windows Registry can reveal which USB devices have been connected to a system.","options":["True","False"],"correct":"True"}]}]},"courseSlug":"digital-forensics-101","nextModuleSlug":"module-5"}]