Windows Registry Forensics - Case Study

Question # 00802838 Posted By: Ainsley Updated on: 04/20/2021 11:12 AM Due on: 05/19/2021
Question

4. Case Studies

Tracking User Activity

Information in This Chapter
• Tracking User Activity
• Scenarios

This chapter discusses a great deal of the data that can be extracted from Registry hives associated with a User Profile, in order to demonstrate or illustrate indicators of patterns of activity. This information can be used by analysts to demonstrate when the user was logged into the system and to locate indicators of malware infections, intrusions, and a number of other activities.
Keywords
Registry, NTUSER.dat, USRCLASS.dat, UserAssist, MuiCache, virtualization, RecentDocs, WordWheelQuery, user


Select one (1) Case Study and comment on your insights and observations concerning the case. Discuss the quality of the investigation. Is there any additional information that you believe could have been captured from the registry based on the Case Study?

All responses to the main discussion question must be accompanied by a minimum of two (2) APA-formatted references. 600 words
