Windows Registry Forensics (Coursera)

Offered by Infosec

The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.


Course 3 of 3 in the Computer Forensics Specialization

Syllabus

WEEK 1
Introduction to the Windows Registry
Discover what the Windows Registry is and why it is important in digital forensic investigations. This module will explore the location and structure of the registry hives in a live and non-live environment, as well as the types of forensic evidence found in the Windows Registry. This will include: user account information, system-wide and user-specific settings, file access, program installation and execution, search terms, auto-start locations and devices attached to the system.

WEEK 2
Preparing to Examine the Windows Registry
Learn how to set up a forensic workstation to properly examine the Windows Registry. This module takes a look at the location of the Registry files within the Windows OS and the many tools freely available to view the file structure and artifacts contained within the Windows Registry. It includes instruction on the installation, proper use and validation of your forensic software, showing how to get the most out of your automated tools while maintaining an understanding of what the tool is doing behind the scenes.

WEEK 3
NTUser.Dat Hive File Analysis
This module demonstrates an in-depth analysis of the artifacts contained within the NTUser.Dat hive file. It will show examiners how to locate programs and applications, mounted volumes and connected devices specific to a user, user search terms and typed URLs. Examiners will also be able to locate and identify opened and saved files, user-specific programs set to run at startup, and application installation and execution. Examiners will be able to locate, examine and interpret MRU (Most Recently Used) lists, UserAssist, user system settings and recently used files.

WEEK 4
SAM Hive File
This module explains forensic artifacts found in the SAM (Security Account Manager) file, which stores and organizes information about each user on a system. It demonstrates how to identify each user account on a local machine using the relative identifier. Examiners can also learn to interpret username information, including the user's login dates, times and login count. The module will show how to identify the machine that the user account was created on by interpreting a user's SID (machine/domain identifiers), and how to recover user password hashes.

WEEK 5
Software Hive File
This module will show examiners how to locate information of forensic value relating to application execution and installation contained within the software hive file. The module will provide an overview of the forensic artifacts found in the software hive file, such as installed programs and applications, operating system type, install date and time, wireless network information, file association, domain logon information, the last logged-on user, programs set to run at startup and tracking USB devices that were attached to the system.

WEEK 6
System Hive File
This module will demonstrate evidence of forensic value contained within the system hive file. This module explores the system hive file showing how to determine the current control set, computer name, last shutdown date and time, crash dump settings and location, services set to run at startup, page file settings, prefetch settings, last access file time settings, AppCompat Cache, BAM (background activities monitor) and USB device connections and disconnections with dates and times.

WEEK 7
UsrClass.dat Hive File
This module identifies and explains forensic artifacts found in the UsrClass.dat hive file. The examiner will learn to explain Windows ShellBags, which track user-specific zip file and folder access and settings, including dates and times, even for deleted folders and removable media. The examiner will also learn to interpret the MuiCache sub-key, including installed applications. The Microsoft Photo App, which shows recently accessed image files, will also be explored.

WEEK 8
AmCache Hive File
This module will examine the AmCache hive file, which stores information relating to the execution of applications. A forensic examination of the AmCache hive file shows the following: application installation, application first run date and time, the file path to the executable file, the source of the application, a SHA-1 hash value of the executable file, plug-and-play connected devices, GUIDs of mounted volumes and system hardware information.
