🪟Windows User Activity Analysis

https://tryhackme.com/r/room/windowsuseractivity

On the Desktop we can see 12 folders/files:

The Windows Registry is an organized database that stores settings and configuration information for the Windows operating system, as well as for installed applications and user preferences. Think of it as the control center for your computer's settings.

It's stored in what are called hives.

The user-related hives are SECURITY and DEFAULT, which have very sensitive files:

NTUSER.DAT:

  • User-specific settings for each user profile. Contains information about user preferences and specific configurations.

USRCLASS.DAT:

  • User-specific class settings. Stores information about Explorer's settings and interaction.

Here are some important registry hives:

If you Win + R and type regedit you can access those:
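As an added example (not code from the TryHackMe room), the PowerShell below maps every local profile's SID to its folder via the ProfileList key and reports whether that profile's NTUSER.DAT and UsrClass.dat are present, their size and last-write time. The file layout assumed is the standard Windows one; the function name is made up here.

```powershell
# Added triage example: locate the per-user hive files for every local profile.
# ProfileList maps each SID to its ProfileImagePath (standard Windows key).
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-UserHiveFiles {
    Get-ChildItem $profileList | ForEach-Object {
        $sid  = $_.PSChildName
        $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
        if (-not $path) { return }
        # System profiles store the path with %systemroot%, so expand it first.
        $path = [Environment]::ExpandEnvironmentVariables($path)

        # NTUSER.DAT sits in the profile root; UsrClass.dat lives under AppData\Local.
        $hives = @{
            'NTUSER.DAT'   = Join-Path $path 'NTUSER.DAT'
            'UsrClass.dat' = Join-Path $path 'AppData\Local\Microsoft\Windows\UsrClass.dat'
        }

        foreach ($name in $hives.Keys) {
            # -Force is required because both hive files are hidden.
            $file = Get-Item -LiteralPath $hives[$name] -Force -ErrorAction SilentlyContinue
            [pscustomobject]@{
                SID           = $sid
                Profile       = $path
                Hive          = $name
                Present       = [bool]$file
                LastWriteTime = if ($file) { $file.LastWriteTime } else { $null }
                SizeKB        = if ($file) { [math]::Round($file.Length / 1KB) } else { $null }
            }
        }
    }
}

Get-UserHiveFiles | Sort-Object Profile, Hive | Format-Table -AutoSize
```

Both files are locked while their user is logged on, so for analysis work from a disk image or a copy taken with a tool that can read locked files rather than from the live profile folder.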
