Windows Registry Forensics - 2nd Edition - ISBN: 9780128032916, 9780128033357

Windows Registry Forensics

2nd Edition

Advanced Digital Forensic Analysis of the Windows Registry

Authors: Harlan Carvey
eBook ISBN: 9780128033357
Paperback ISBN: 9780128032916
Imprint: Syngress
Published Date: 25th March 2016
Page Count: 216
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, Second Edition, provides the most in-depth guide to forensic investigations involving Windows Registry. This book is one-of-a-kind, giving the background of the Registry to help users develop an understanding of the structure of registry hive files, as well as information stored within keys and values that can have a significant impact on forensic investigations. Tools and techniques for post mortem analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry. This second edition continues a ground-up approach to understanding so that the treasure trove of the Registry can be mined on a regular and continuing basis.

Key Features

  • Named a Best Digital Forensics Book by InfoSec Reviews
  • Packed with real-world examples using freely available open source tools
  • Provides a deep explanation and understanding of the Windows Registry—perhaps the least understood and employed source of information within Windows systems
  • Includes a companion website that contains the code and author-created tools discussed in the book
  • Features updated, current tools and techniques
  • Contains completely updated content throughout, with all new coverage of the latest versions of Windows


Information Security professionals at all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also useful to forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

  • Dedication
  • About the Author
  • About the Technical Editor
  • Preface
  • Acknowledgments
  • 1. Registry Analysis
    • Introduction
    • Core Analysis Concepts
    • What Is the Windows Registry?
    • Registry Structure
    • Summary
  • 2. Processes and Tools
    • Introduction
    • Forensic Analysis
    • Summary
  • 3. Analyzing the System Hives
    • Introduction
    • Artifact Categories
    • Security Hive
    • SAM Hive
    • System Hive
    • Software Hive
    • AmCache Hive
    • Summary
  • 4. Case Studies: User Hives
    • Introduction
    • Summary
  • 5. RegRipper
    • Introduction
    • What Is RegRipper?
    • Getting the Most Out of RegRipper
    • Summary
  • Index


No. of pages:
© Syngress 2016
eBook ISBN:
Paperback ISBN:

About the Author

Harlan Carvey

Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.

Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.

Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Ratings and Reviews