Cyber Securities Technology
Next-generation software for computer investigations of live computers in enterprises

OnLineDFS: A Guided Tour


6. Acquiring State Data - The Windows® Registry (continued)

After clicking on the "Send Path" button, Miller arrives at that path in the registry, as shown in Figure 15.

Miller notices the file name listed as "cards.dll".

Using Microsoft Word to view a .dll file is odd. This type of file is a binary file used to store library functions that other programs access for their normal operation. Microsoft Word is not used to edit or even view binary files. Miller decides to retrieve the file, cards.dll, and examine its contents. The most common location for DLL files is the directory C:\WINDOWS\system32. Miller chooses to search this directory.
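Once a file like this has been retrieved, a first check is whether its content matches its .dll name. The following is an added example, not part of OnLineDFS or the original tour. It classifies a file by its header bytes and flags a .dll name that does not carry a PE DLL header; the function names and sample bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on real DLLs
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office (.doc/.xls) container
ZIP_MAGIC = b"PK\x03\x04"  # OOXML (.docx) and other ZIP containers


def classify(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name entirely."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        # The PE signature (4 bytes) and COFF header (20 bytes) must be present.
        if e_lfanew + 24 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
            return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"
        return "mz-no-pe"
    if data.startswith(OLE2_MAGIC):
        return "ole2-document"
    if data.startswith(ZIP_MAGIC):
        return "zip-container"
    sample = data[:512]
    if sample and all(b in b"\t\r\n" or 32 <= b < 127 for b in sample):
        return "ascii-text"
    return "unknown"


def extension_mismatch(name: str, data: bytes) -> bool:
    """True when a file named *.dll does not carry a PE DLL header."""
    return name.lower().endswith(".dll") and classify(data) != "pe-dll"


def fake_pe(flags: int) -> bytes:
    """Constructed minimal header: DOS header + PE signature + COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, flags)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    samples = {  # constructed inputs, not data from the tour
        "real.dll": fake_pe(0x2102),
        "renamed.dll": OLE2_MAGIC + b"\0" * 64,
    }
    for name, blob in samples.items():
        verdict = "MISMATCH" if extension_mismatch(name, blob) else "ok"
        print(name, classify(blob), verdict)
```

A mismatch only says the name and content disagree; the content still has to be opened in a suitable viewer to learn what it holds.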

Figure 15 - Registry
