
Windows Registry Forensics
Advanced Digital Forensic Analysis of the Windows Registry
Description
Key Features
- Named a Best Digital Forensics Book by InfoSec Reviews
- Packed with real-world examples using freely available open source tools
- Provides a deep explanation and understanding of the Windows Registry—perhaps the least understood and employed source of information within Windows systems
- Includes a companion website that contains the code and author-created tools discussed in the book
- Features updated, current tools and techniques
- Contains completely updated content throughout, with all new coverage of the latest versions of Windows
Readership
Information Security professionals at all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also useful to forensic training vendors, government training courses, universities, and high-tech crime associations.
Table of Contents
1. Registry Analysis
- Introduction
- Core Analysis Concepts
- What Is the Windows Registry?
- Registry Structure
- Summary
2. Processes and Tools
- Introduction
- Forensic Analysis
- Summary
3. Analyzing the System Hives
- Introduction
- Artifact Categories
- Security Hive
- SAM Hive
- System Hive
- Software Hive
- AmCache Hive
- Summary
4. Case Studies: User Hives
- Introduction
- NTUSER.DAT
- USRCLASS.DAT
- Summary
5. RegRipper
- Introduction
- What Is RegRipper?
- Getting the Most Out of RegRipper
- Summary
Product details
- No. of pages: 216
- Language: English
- Copyright: © Syngress 2016
- Published: March 3, 2016
- Imprint: Syngress
- eBook ISBN: 9780128033357
- Paperback ISBN: 9780128032916