Tag Archives: Hives not saved

Hives and Tools and Timestamps….. oh my!

Posted on May 29, 2014 by HatsOffSecurity

Continuing on from yesterday’s post regarding Hive files not updating: A colleague and I (say hi Joe) have been doing some research on this along with some very helpful comments from Brian Moran (@brianjmoran) via Twitter. My previous post commented … Continue reading

Posted in Windows Forensics, Windows Registry Forensics | Tagged , , , , | Leave a comment

Windows 8 Hives Not Saved On The Fly

Posted on May 28, 2014 by HatsOffSecurity

*********After reading, please see this post for the conclusion********* Whilst playing about with USB devices to start my upcoming USB identification series I noticed something a little odd. I captured the locked files on the VM when I started this … Continue reading

Posted in Windows Forensics, Windows Registry Forensics | Tagged , , , , , | 2 Comments