Windows Registry Forensics - 1st Edition - ISBN: 9781597495806, 9781597495813

Windows Registry Forensics

1st Edition

Advanced Digital Forensic Analysis of the Windows Registry

Authors: Harlan Carvey
eBook ISBN: 9781597495813
Paperback ISBN: 9781597495806
Imprint: Syngress
Published Date: 24th January 2011
Page Count: 248
Tax/VAT will be calculated at check-out
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
52.95
37.06
37.06
37.06
37.06
37.06
42.36
42.36
42.99
30.09
30.09
30.09
30.09
30.09
34.39
34.39
68.95
48.27
48.27
48.27
48.27
48.27
55.16
55.16
Unavailable
File Compatibility per Device

PDF, EPUB, VSB (Vital Source):
PC, Apple Mac, iPhone, iPad, Android mobile devices.

Mobi:
Amazon Kindle eReader.

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

Windows Registry Forensics provides the background of the Windows Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques are presented that take the student and analyst beyond the current use of viewers and into real analysis of data contained in the Registry, demonstrating the forensic value of the Registry.

Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this book is packed with real-world examples using freely available open source tools. It also includes case studies and a CD containing code and author-created tools discussed in the book.

This book will appeal to computer forensic and incident response professionals, including federal government and commercial/private sector contractors, consultants, etc.

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Packed with real-world examples using freely available open source tools
  • Deep explanation and understanding of the Windows Registry – the most difficult part of Windows to analyze forensically
  • Includes a CD containing code and author-created tools discussed in the book

Readership

Computer forensic and incident response professionals, including federal government, commercial/private sector contractors, consultants, etc.

Table of Contents

Chapter 1 Registry Analysis

Introduction

What is "Registry Analysis"?

What is the Windows Registry?

Registry Structure

Summary

Frequently Asked Questions

References

Chapter 2 Tools

Introduction

Live Analysis

Summary

Frequently Asked Questions

References

Chapter 3 Case Studies: The System

Introduction

Security and SAM hives

System Hive

Software Hive

BCD Hive

Summary

Frequently Asked Questions

References

Chapter 4 Case Studies: Tracking User Activity

Introduction

Tracking User Activity

Scenarios

Summary

References

 

 

Details

No. of pages:
248
Language:
English
Copyright:
© Syngress 2011
Published:
Imprint:
Syngress
eBook ISBN:
9781597495813
Paperback ISBN:
9781597495806

About the Author

Harlan Carvey

Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.

Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.

Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Awards

Best Digital Forensics Books 2011, InfoSec Reviews

Reviews

"As an experienced security architect
I’ve been reasonably familiar with the "windows registry" for many years and have frequently used regedit to look at various keys and values (and have sometimes even taken the dangerous steps of changing values!). In my vast library I also have a number of books describing the registry, although I have to say they are somewhat ancient. However, it was not until I read this book I really appreciated the vast amount of information contained in the various registry files. Indeed I was not aware of forensic importance of these files."--Best Digital Forensics Book in InfoSecReviews Book Awards

"It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry—which makes effective examination of the registry absolutely fundamental to good Windows forensics.  By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems.  What I appreciate about this book, however, is that it is much more than a  mere compilation of registry keys important to forensics investigation.  This is a book about how to examine the registry, and it is a good one."--Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft

"Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case.  Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware.  Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations.  This book is a must have reference for current forensic knowledge of the Microsoft Registry Windows XP through Windows 7 and should become core knowledge for any serious digital forensic investigator."--Rob Lee, SANS Institute

"Useful to beginning and intermediate practitioners, but even advanced examiners may fi nd registry information here that they were not previously aware of. Anyone working in digital forensics or incident response who has not made registry examination integral to their process must read and absorb this book. The information is vital to Windows examinations…. Windows Registry Forensics easily succeeds in its mission to convey the value of integrating registry examination into the forensic process. It provides valuable information relevant to a wide range of investigations. And Mr. Carvey’s conversational writing style makes the book easy to read...."--Digital Forensics Magazine

"This guide to digital forensics on computers running the Microsoft Windows operating system provides detailed information on the analysis of the Windows registry to detect intrusion and document user actions. The work is divided into three sections beginning with an overview of the registry structure and following with a discussion of registry analysis tools and concluding with an in depth case study of a registry forensics project. Each section includes answers to frequently asked questions and a selection of references for further reading. Illustrations, code examples, tips and warning notes are provided throughout and an accompanying CD-ROM provides copies of registry analysis tools created by the author. Carvey is a computer forensics consultant."--Book News, Reference & Research

"As an experienced security architect I’ve been reasonably familiar with the ‘windows registry’ for many years and have frequently used regedit to look at various keys and values (and have sometimes even taken the dangerous steps of changing values!). In my vast library I also have a number of books describing the registry, although I have to say they are somewhat ancient. However it was not until I read this book I really appreciated the vast amount of information contained in the various registry files. Indeed I was not aware of forensics importance of these files….. An extremely useful book to a forensics investigator, even an experienced one. I would not hesitate in recommending this book to anyone…"--InfoSecReviews.com