A Computer Abusive Access Case Study Solved with Windows Registry Analysis
This article describes a real forensic investigation case. An employee is accused of revealing confidential company information related to a project he was working on, using a company computer registered to the company domain. The accused defends himself by raising the doubt that it could have been anyone, because his office is always open. After the seizure and acquisition of a company hard drive, the investigators want to find evidence in the Windows system registry. In particular, the analysis aims to identify what the power and standby settings were at the time of the seizure and whether, upon reactivation of the screen, a password was requested and needed to access the system.