Windows Registry Forensics

Windows Registry Forensics

Advanced Digital Forensic Analysis of the Windows Registry

1st Edition - January 3, 2011

Write a review

  • Author: Harlan Carvey
  • eBook ISBN: 9781597495813

Purchase options

Purchase options
DRM-free (PDF, EPub, Mobi)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

Windows Registry Forensics provides the background of the Windows Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques are presented that take the student and analyst beyond the current use of viewers and into real analysis of data contained in the Registry, demonstrating the forensic value of the Registry. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this book is packed with real-world examples using freely available open source tools. It also includes case studies and a CD containing code and author-created tools discussed in the book. This book will appeal to computer forensic and incident response professionals, including federal government and commercial/private sector contractors, consultants, etc.

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Packed with real-world examples using freely available open source tools
  • Deep explanation and understanding of the Windows Registry – the most difficult part of Windows to analyze forensically
  • Includes a CD containing code and author-created tools discussed in the book

Readership

Computer forensic and incident response professionals, including federal government, commercial/private sector contractors, consultants, etc.

Table of Contents

  • Chapter 1 Registry Analysis

    Introduction

    What is "Registry Analysis"?

    What is the Windows Registry?

    Registry Structure

    Summary

    Frequently Asked Questions

    References

    Chapter 2 Tools

    Introduction

    Live Analysis

    Summary

    Frequently Asked Questions

    References

    Chapter 3 Case Studies: The System

    Introduction

    Security and SAM hives

    System Hive

    Software Hive

    BCD Hive

    Summary

    Frequently Asked Questions

    References

    Chapter 4 Case Studies: Tracking User Activity

    Introduction

    Tracking User Activity

    Scenarios

    Summary

    References

     

     

Product details

  • No. of pages: 248
  • Language: English
  • Copyright: © Syngress 2011
  • Published: January 3, 2011
  • Imprint: Syngress
  • eBook ISBN: 9781597495813

About the Author

Harlan Carvey

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Ratings and Reviews

Write a review

There are currently no reviews for "Windows Registry Forensics"