Computer Name

Location and Format

The registry key that tracks the computer name is located at “SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName”.

Purpose

This registry key stores the hostname of the Computer in the “ComputerName” value.

Forensic Uses

Knowing the hostname is critical in order to correlate activity across log data and other artifacts.

Analysis Tools

https://www.sans.org/tools/registry-explorer/

Example Analysis

pending