Date of Award
Michael R. Lehrfeld
Thesis Professor Department
Computer and Information Sciences
Ronald Zucker, Patrick Cronin
Digital forensic examiners are faced with the task of recreating a user’s actions for auditing purposes. ShellBag data from the registry is critical to the reproduction of these actions in a Microsoft Windows 7 operating system, because ShellBag data contains a listing of folders and files contained within a specific folder. Once an understanding of the structure of ShellBag data in a Windows 7 operating system is reached, this data can be parsed to create a timeline of user actions on a given machine.
Honors Thesis - Open Access
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
Duncan, Daniel A., "Exploring the Uses of ShellBag Data within the Windows 7 Registry." (2012). Undergraduate Honors Theses. Paper 136. https://dc.etsu.edu/honors/136
Copyright by the authors.