Memory images, page files, hibernation files, crash dumps are standard targets for memory forensics. But there are unusual ones: for example, chunks of disclosed (leaked) uninitialized kernel memory found on a drive.
An offline antivirus (AV) scanner is used to scan and clean a computer while its usual operating system isn’t running. Such scanners are often launched from a bootable USB drive or from an optical disc. Some scanners include a component to scan and modify the inactive registry of a Windows operating system.
What happens to the registry when a user performs such a scan?