Details

No. of pages:
248
Language:
English
Copyright:
© 2011
Published:
Imprint:
Syngress
Print ISBN:
9781597495806
Electronic ISBN:
9781597495813

About the author

Harlan Carvey

Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit – Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry. Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer. Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Awards

Best Digital Forensics Books 2011, InfoSec Reviews

Reviews

"As an experienced security architect
I’ve been reasonably familiar with the "windows registry" for many years and have frequently used regedit to look at various keys and values (and have sometimes even taken the dangerous steps of changing values!). In my vast library I also have a number of books describing the registry, although I have to say they are somewhat ancient. However, it was not until I read this book I really appreciated the vast amount of information contained in the various registry files. Indeed I was not aware of forensic importance of these files."--Best Digital Forensics Book in InfoSecReviews Book Awards

"It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry—which makes effective examination of the registry absolutely fundamental to good Windows forensics.  By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems.  What I appreciate about this book, however, is that it is much more than a  mere compilation of registry keys important to forensics investigation.  This is a book about how to examine the registry, and it is a good one."--Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft

"Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case.  Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware.  Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations.  This book is a must have reference for current forensic knowledge of the Mic