data leakage case #17, user keywords at the search bar

https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html

https://www.howtogeek.com/282281/how-to-delete-the-search-history-in-windows-file-explorer/

#17. List all user keywords at the search bar in Windows Explorer. (Timestamp, Keyword)

레지스트리 분석

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery

1. admin_11, informant, temporary 에 해당하는 NTUSER.DAT 을 registry explorer 에 불러온다.

2. WordWheelQuery 레지스트리 키가 존재하는 것은 informant 뿐이며, 다음과 같다.

data leakage case #19, e-mail file location (pst vs ost) (0)	2018.09.18
data leakage case #18, email application check (0)	2018.09.18
data leakage case #16, kewords using web browser (0)	2018.09.18
data leakage case #15, website access logs (2)	2018.09.18
data leakage case #14, artifacts of WEB (0)	2018.09.18

c0msherl0ck.github.io