Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry

Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry

4.3 6
by Harlan Carvey

See All Formats & Editions

ISBN-10: 1597495808

ISBN-13: 9781597495806

Pub. Date: 02/07/2011

Publisher: Elsevier Science

Harlan Carvey brings readers an advanced book on Windows Registry. The first book of its kind EVER — Windows Registry Forensics provides the background of the Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis

Customer Reviews

Average Review:

Post to your social network


Most Helpful Customer Reviews

See all customer reviews

Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry 5 out of 5 based on 0 ratings. 3 reviews.
Are you interested in the forensic analysis of Windows systems? If you are, then this book is for you! Author Harlan Carvey, has done an outstanding job of writing a book that focuses on the Registry found on the Windows NT family of operating systems, from Windows XP, through Windows 2003, Vista, Windows 2008 and Windows 7. Author Carvey, begins by addressing the topic of Registry analysis overall and what goes into it. In addition, the author discusses a number of tools that are used in Registry analysis. He then shows you how various keys and values have had a significant impact on various examinations, and how they can be used in conjunction with other data to further your analysis, and allow you to succinctly achieve your goals. Finally, the author shows you how to track user activity, with detailed emphasis on regripper plug-ins, MRU lists, run, temporal proximity, USB devices, XPMode, time stamps, RecentDocs, DisableMRU, searches, ComDig32, historical data, shellbags, USRCLASS.dat, BagMRU Plugins, UserAssist, Vigenere encryption, run count, time references, XPMode and UserAssist, noninstrumentation, MuiCache, MuiCache key historical data, file associations, scenarios, Trojan defense, connecting to other systems and preserving privacy. The goal of this most excellent book, is to illustrate the immense value that can be derived through Registry analysis. Perhaps more importantly, the CD that accompanies this book, contains several tools that have executable versions (compiled with Perl2Exe), so that you do not have to install Perl to run the tools.
Anonymous More than 1 year ago
Anonymous More than 1 year ago