Windows Registry Forensics
2nd Edition
Advanced Digital Forensic Analysis of the Windows Registry
Description
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, Second Edition, provides the most in-depth guide to forensic investigations involving Windows Registry. This book is one-of-a-kind, giving the background of the Registry to help users develop an understanding of the structure of registry hive files, as well as information stored within keys and values that can have a significant impact on forensic investigations. Tools and techniques for post mortem analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry. This second edition continues a ground-up approach to understanding so that the treasure trove of the Registry can be mined on a regular and continuing basis.
Key Features
- Named a Best Digital Forensics Book by InfoSec Reviews
- Packed with real-world examples using freely available open source tools
- Provides a deep explanation and understanding of the Windows Registry—perhaps the least understood and employed source of information within Windows systems
- Includes a companion website that contains the code and author-created tools discussed in the book
- Features updated, current tools and techniques
- Contains completely updated content throughout, with all new coverage of the latest versions of Windows
Readership
Information Security professionals at all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also useful to forensic training vendors, government training courses, universities, and high-tech crime associations
Table of Contents
1. Registry Analysis
- Introduction
- Core Analysis Concepts
- What Is the Windows Registry?
- Registry Structure
- Summary
2. Processes and Tools
- Introduction
- Forensic Analysis
- Summary
3. Analyzing the System Hives
- Introduction
- Artifact Categories
- Security Hive
- SAM Hive
- System Hive
- Software Hive
- AmCache Hive
- Summary
4. Case Studies: User Hives
- Introduction
- NTUSER.DAT
- USRCLASS.DAT
- Summary
5. RegRipper
- Introduction
- What Is RegRipper?
- Getting the Most Out of RegRipper
- Summary
Details
- No. of pages:
- 216
- Language:
- English
- Copyright:
- © Syngress 2016
- Published:
- 25th March 2016
- Imprint:
- Syngress
- eBook ISBN:
- 9780128033357
- Paperback ISBN:
- 9780128032916
About the Author
Harlan Carvey
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Affiliations and Expertise
DFIR analyst, presenter, and open-source tool author