“I became involved with computer and mobile device forensics as part of my law enforcement duties,” Denise said. “Narcotics investigations, child exploitation, sexual assault, harassment — you name it, there’s usually a phone or computer involved. I honestly had no idea what I was getting into. A sergeant in the Internet Crimes Against Children unit and I used to laugh because I didn’t know how to turn a computer on when I started.”

Persistence and hard work paid off for Denise, and she’s grown from those early days to teaching and developing courses for the International Association of Computer Investigative Specialists. She also received an exclusive invitation from the U.S. Secret Service to participate in training at the National Computer Forensics Institute and travels worldwide teaching EU law enforcement agencies through the European Fraud Office.
Dig into Windows Registry Forensics with Infosec Skills
The Windows Registry Forensics Learning Path in Infosec Skills teaches you how to identify, extract and interpret important data to conduct a complete and accurate examination of the Windows Registry. You’ll learn how to:
- Use common forensics software and tools
- Locate information on different hive files (NTUser.Dat, software, system, UsrClass.dat, AmCache)
- Correctly interpret data relevant to your investigation
- Put all your findings together in a fact-based report
“It’s hands-on throughout the course,” Denise said. “We go through every hive in a Windows 10 computer. We download and learn to use a lot of freeware tools — which is an important skill in our industry because free is always good and these tools are very good. We do demos with Mimikatz. We talk a lot about encryption, and with that we’re going to talk about passwords.” She added: “There’s a lot in the courses.”
Using forensics in the real world
When not teaching or developing new forensics courses, Denise remains involved with investigations in both the public and private sector. Staying actively involved and getting her hands dirty is vital for staying sharp in her field.

“I did many illicit image cases in law enforcement. In those cases, I’d be looking through the registry for image files, video files, downloads. I’d be looking for internet history, what they downloaded and keyword searches,” Denise said. “When I do private sector work, it’s a lot of intellectual property theft. I’m looking for evidence in email accounts. I’m investigating cloud storage. I’m looking through the registry at what devices were connected to the machine.”

Recovering deleted files from the recycle bin and digging into event logs can also help your investigation, Denise said. “I once had a case where terminated employees somehow still had their work credentials and were getting into the company’s systems. They were viewing confidential company information. One of the attackers deleted the logs to cover their tracks. But what they did not know was that when they deleted the logs, they unwittingly created another log — which I found. That helped crack the case.”
Training future digital forensics professionals
In addition to her Windows Registry Forensics courses, Denise also teaches Infosec Skills live Computer and Mobile Forensics Boot Camps. The training prepares learners to earn the popular Certified Computer Forensics Examiner and Certified Mobile Forensics Examiner certifications. Denise’s motto is to “prep for success,” and she has earned bragging rights: none of her students has failed the exam.

Denise says her new Windows Registry Forensics Learning Path is targeted toward forensic investigators, cybercrime analysts, cybersecurity professionals and law enforcement professionals, but adds that anyone seeking a deeper understanding of the Windows Registry would get a lot out of the courses. “The Windows Registry is full of malware indicators, so I highly recommend these courses to any cybersecurity professional,” Denise said.

But she cautions against trying to jump too far, too fast. “For pros considering a career in forensics, don’t try to start in the middle. Take the time to learn the basics. Build a strong foundation before you move into deeper concepts and topics. That strong foundation and understanding will serve you well as you advance in your career.”
About Denise Duffy

In addition to being an Infosec instructor, Denise Duffy teaches computer forensics worldwide to European law enforcement through the European Anti-Fraud Office. During her 25-year career at the Middletown Police Department, Denise underwent extensive training in specialized computer and mobile device forensics, including widespread access data courses, multiple IACIS trainings, U.S. Secret Service Training at the National Computer Forensics Institute, BlackBag Technologies Training, many National White Collar Crime (NW3C) courses, an X-Ways online course and considerable Internet Crimes Against Children Training (ICAC) courses.

Denise currently holds the following certifications: CFCE (Certified Forensic Computer Examiner), CCFE (Certified Computer Forensics Examiner), CMFE (Certified Mobile Forensics Examiner) and CEH (Certified Ethical Hacker). She is most proud of her two sons who joined the U.S. Military, as Denise is a Desert Shield/Desert Storm veteran herself.