A Computer Abusive Access Case Study Solved with Windows Registry Analysis

Digital Forensics, Digital Investigation, Cybersecurity


  • Pierluigi PERRONE
    pperrone@luiss.it (Primary Contact)
    LUISS University, Rome, Italy https://orcid.org/0000-0001-5741-1167
  • Antonio SILVESTRE Technical Investigation Unit, Arma dei Carabinieri, Naples, Italy
  • Giuseppe TARASCHI Technical Investigation Unit, Arma dei Carabinieri, Naples, Italy


This article has the aim to describe a real forensics investigation case. An employee is accused of revealing confidential company information related to a project he was working on using a company computer registered to the company domain. The accused defends himself, insinuating the doubt that it could have been anyone because his office is always open. After the seizure and acquisition of a company hard drive, the investigators want to find some evidences related the Windows system registry. In particular, the analysis will be aimed at identifying what were the energy and standby settings at the time of the seizure and if upon reactivation of the screen, the password was requested and needed to access the system.