Exploring the Uses of ShellBag Data within the Windows 7 Registry.

Author

Daniel A. Duncan, East Tennessee State University

Honors Program

University Honors

Date of Award

5-2012

Thesis Professor(s)

Michael R. Lehrfeld

Thesis Professor Department

Computer and Information Sciences

Thesis Reader(s)

Ronald Zucker, Patrick Cronin

Abstract

Digital forensic examiners are faced with the task of recreating a user’s actions for auditing purposes. ShellBag data from the registry is critical to the reproduction of these actions in a Microsoft Windows 7 operating system, because ShellBag data contains a listing of folders and files contained within a specific folder. Once an understanding of the structure of ShellBag data in a Windows 7 operating system is reached, this data can be parsed to create a timeline of user actions on a given machine.

Document Type

Honors Thesis - Open Access

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

Recommended Citation

Duncan, Daniel A., "Exploring the Uses of ShellBag Data within the Windows 7 Registry." (2012). Undergraduate Honors Theses. Paper 136. https://dc.etsu.edu/honors/136

Copyright

Copyright by the authors.