Project ID: 352
Author: Ruth Harding
Project Title: WIRECHADE (Windows Registry Change Detection Forensics Tool)
Semester: 1 2010
Committee Chair: Dr. Mario Garcia
Committee Member 1: Dr. David Thomas
Committee Member 2: Dr. Hongyu Guo
Project Description: The Windows registry is a core component of the operating system that determines how Windows looks and behaves. It is a central, hierarchical database of configuration data for the operating system, holding settings for installed applications, device drivers, and peripheral devices, and the policies that apply to the system and its users. Most applications consult the registry when they start, and a corrupted registry can leave Windows unable to boot. Analysing the registry therefore involves more than viewing its data: it means extracting, interpreting, and understanding what that data means, both in its own context and in the context of a forensic investigation. The project gives an overview of what a forensic investigator, Windows system administrator, or network administrator should look for when analysing the Windows registry, surveys the utilities and forensic software tools available for viewing and examining the registry on Windows, and compares their features. The main focus is the implementation of WIRECHADE, a tool that detects changes made to the registry, covering the design and implementation of the tool and the test cases written to verify its features.
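Added example (not WIRECHADE's own code, which is not reproduced on this page): the core check a registry change detection tool performs is a comparison of two snapshots of the registry, reporting keys and values that were added, removed, or modified. The snapshot shape (key path to {value name: (type code, data)}), the sample data, and the helper names below are this example's own assumptions; the two snapshots are constructed by hand, not captured from a real machine. The winreg walker at the end builds the same shape from a live hive and is Windows-only; the diff itself runs anywhere.

```python
"""Registry change detection by snapshot comparison (added example, not WIRECHADE)."""
from typing import Dict, Tuple

# Assumed snapshot shape: key path -> {value name: (REG_* type code, data)}.
Snapshot = Dict[str, Dict[str, Tuple[int, object]]]

REG_SZ = 1     # same numeric codes as winreg.REG_SZ / winreg.REG_DWORD
REG_DWORD = 4


def _index(snap: Snapshot) -> dict:
    """Case-fold key paths and value names, keeping the original spelling.

    The registry is case-insensitive, so without this a key re-written with
    different casing would be reported as one removal plus one addition.
    """
    return {
        key.lower(): (key, {name.lower(): (name, tv) for name, tv in vals.items()})
        for key, vals in snap.items()
    }


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, list]:
    """Return the keys and values that differ between two snapshots."""
    b, a = _index(before), _index(after)
    report: Dict[str, list] = {
        "keys_added": [], "keys_removed": [],
        "values_added": [], "values_removed": [], "values_modified": [],
    }
    for k in sorted(set(a) - set(b)):
        report["keys_added"].append(a[k][0])
    for k in sorted(set(b) - set(a)):
        report["keys_removed"].append(b[k][0])
    for k in sorted(set(a) & set(b)):
        key_name, bvals = b[k]
        avals = a[k][1]
        for n in sorted(set(avals) - set(bvals)):
            name, (typ, data) = avals[n]
            report["values_added"].append((key_name, name, typ, data))
        for n in sorted(set(bvals) - set(avals)):
            name, (typ, data) = bvals[n]
            report["values_removed"].append((key_name, name, typ, data))
        for n in sorted(set(avals) & set(bvals)):
            name, old = bvals[n]
            new = avals[n][1]
            if old != new:  # a changed type counts as a modification too
                report["values_modified"].append((key_name, name, old, new))
    return report


def snapshot_live(root_name: str, sub_key: str) -> Snapshot:
    """Walk a live hive with winreg (Windows only) into the Snapshot shape above.

    Subkeys the caller cannot open are skipped, so two snapshots taken under
    different privilege levels will show spurious additions or removals.
    """
    import winreg  # only importable on Windows
    snap: Snapshot = {}

    def walk(handle, path: str) -> None:
        n_sub, n_val, _last_write = winreg.QueryInfoKey(handle)
        vals = {}
        for i in range(n_val):
            name, data, typ = winreg.EnumValue(handle, i)
            vals[name] = (typ, data)
        snap[path] = vals
        for i in range(n_sub):
            child = winreg.EnumKey(handle, i)
            try:
                with winreg.OpenKey(handle, child, 0, winreg.KEY_READ) as h:
                    walk(h, path + "\\" + child)
            except OSError:
                pass  # access denied or key vanished mid-walk

    with winreg.OpenKey(getattr(winreg, root_name), sub_key, 0, winreg.KEY_READ) as h:
        walk(h, root_name + "\\" + sub_key)
    return snap


# Constructed sample snapshots (not from a real machine); a real snapshot
# would hold every key under the chosen root, these hold only keys of interest.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Policies\Example"
SETUP_KEY = r"HKEY_CURRENT_USER\Software\Example\Setup"

BEFORE: Snapshot = {
    RUN_KEY: {"OneDrive": (REG_SZ, r"C:\Program Files\OneDrive\OneDrive.exe /background")},
    POLICY_KEY: {"DisableTaskMgr": (REG_DWORD, 0)},
    SETUP_KEY: {"Stage": (REG_SZ, "installing")},
}
AFTER: Snapshot = {
    RUN_KEY.replace("Software", "SOFTWARE"): {  # same key, different casing
        "OneDrive": (REG_SZ, r"C:\Program Files\OneDrive\OneDrive.exe /background"),
        "Updater": (REG_SZ, r"C:\Users\Public\upd.exe"),  # new autostart entry
    },
    POLICY_KEY: {"DisableTaskMgr": (REG_DWORD, 1)},  # policy flipped
    r"HKEY_CURRENT_USER\Software\Example": {},  # Setup subkey removed, parent kept
}


def demo() -> Dict[str, list]:
    return diff_snapshots(BEFORE, AFTER)


if __name__ == "__main__":
    for kind, entries in demo().items():
        for entry in entries:
            print(kind, entry)
```

The report from the constructed data shows the three findings an investigator cares about: a new value under the Run key (an autostart entry), a policy value changed from 0 to 1, and a key that disappeared; the Run key itself is not reported as removed even though its casing changed between snapshots. On a live system the two snapshots should be taken with the same account, for the reason given in the `snapshot_live` docstring.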
