Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, by Harlan Carvey
Pub. Date: 02/07/2011
Publisher: Elsevier Science
Harlan Carvey brings readers an advanced book on the Windows Registry. The first book of its kind EVER, Windows Registry Forensics provides the background of the Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis
Most Helpful Customer Reviews
Are you interested in the forensic analysis of Windows systems? If you are, then this book is for you! Author Harlan Carvey has done an outstanding job of writing a book that focuses on the Registry found on the Windows NT family of operating systems, from Windows XP through Windows 2003, Vista, Windows 2008 and Windows 7. Author Carvey begins by addressing the topic of Registry analysis overall and what goes into it. In addition, the author discusses a number of tools that are used in Registry analysis. He then shows you how various keys and values have had a significant impact on various examinations, and how they can be used in conjunction with other data to further your analysis and allow you to succinctly achieve your goals. Finally, the author shows you how to track user activity, with detailed emphasis on RegRipper plug-ins, MRU lists, Run, temporal proximity, USB devices, XPMode, time stamps, RecentDocs, DisableMRU, searches, ComDlg32, historical data, shellbags, USRCLASS.dat, BagMRU plugins, UserAssist, Vigenere encryption, run count, time references, XPMode and UserAssist, noninstrumentation, MuiCache, MuiCache key historical data, file associations, scenarios, Trojan defense, connecting to other systems and preserving privacy. The goal of this most excellent book is to illustrate the immense value that can be derived through Registry analysis. Perhaps more importantly, the CD that accompanies this book contains several tools that have executable versions (compiled with Perl2Exe), so that you do not have to install Perl to run the tools.