Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry

by Harlan Carvey

ISBN-10: 1597495808

ISBN-13: 2901597495805

Pub. Date: 02/07/2011

Publisher: Elsevier Science

Overview

Harlan Carvey brings readers an advanced book on the Windows Registry. The first book of its kind, Windows Registry Forensics provides the background of the Registry needed to understand the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. The tools and techniques presented take the analyst beyond the current use of viewers and into real analysis of the data contained in the Registry.

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Packed with real-world examples using freely available open source tools
  • Deep explanation and understanding of the Windows Registry – the most difficult part of Windows to analyze forensically
  • Includes a CD containing code and author-created tools discussed in the book

Product Details

ISBN-13: 2901597495805
Publisher: Elsevier Science
Publication date: 02/07/2011
Edition description: NE
Pages: 248

Table of Contents

Chapter 1. Registry Analysis
Chapter 2. Tools
Chapter 3. Case Studies: The System
Chapter 4. Case Studies: Tracking User Activity

Customer Reviews


Average rating: 5 out of 5, based on 0 ratings. 3 reviews.
FRINGEINDEPENEDENTREVIEW More than 1 year ago
Are you interested in the forensic analysis of Windows systems? If you are, then this book is for you! Author Harlan Carvey has done an outstanding job of writing a book that focuses on the Registry found on the Windows NT family of operating systems, from Windows XP through Windows 2003, Vista, Windows 2008 and Windows 7. Author Carvey begins by addressing the topic of Registry analysis overall and what goes into it. In addition, the author discusses a number of tools that are used in Registry analysis. He then shows you how various keys and values have had a significant impact on various examinations, and how they can be used in conjunction with other data to further your analysis and allow you to succinctly achieve your goals. Finally, the author shows you how to track user activity, with detailed emphasis on RegRipper plug-ins, MRU lists, run, temporal proximity, USB devices, XPMode, time stamps, RecentDocs, DisableMRU, searches, ComDlg32, historical data, shellbags, USRCLASS.dat, BagMRU plugins, UserAssist, Vigenère encryption, run count, time references, XPMode and UserAssist, noninstrumentation, MuiCache, MuiCache key historical data, file associations, scenarios, Trojan defense, connecting to other systems and preserving privacy. The goal of this most excellent book is to illustrate the immense value that can be derived through Registry analysis. Perhaps more importantly, the CD that accompanies this book contains several tools that have executable versions (compiled with Perl2Exe), so that you do not have to install Perl to run the tools.
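The overview refers to the binary structure of hive files, and the review above lists UserAssist, run counts and time references among the user-activity artifacts covered. The script below is an added example written for this page; it is not code from the book, its CD, or RegRipper. It parses the 512-byte "regf" base block of a hive (signature, sequence numbers, last-written FILETIME, embedded file name, checksum) and decodes a UserAssist value (ROT13 name, run count, last-run FILETIME). The field offsets, the 16-byte XP/2003 and 72-byte Vista/7 UserAssist layouts, the "XP counter starts at 5" rule and the checksum edge-case rule are taken from public format documentation and are stated here as assumptions, not quoted from the book. All sample bytes are constructed inline; the GUID in the sample value name is assumed to be the System32 known-folder GUID that Windows 7 uses in UserAssist paths.

```python
"""Parsers for two Registry artifacts: the 'regf' hive base block and UserAssist values.
All sample bytes are constructed for this example (not from a real system)."""
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a 64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime; used here only to build sample data."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def regf_checksum(base_block):
    """XOR of the first 127 DWORDs (bytes 0..507) of the base block.
    Assumed edge-case rule: all-ones is stored as 0xFFFFFFFE, zero as 1."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if x == 0 else x


def parse_regf_header(base_block):
    """Parse the 512-byte base block and report the integrity signals an examiner
    checks first: signature, primary/secondary sequence numbers and checksum."""
    if len(base_block) < 512 or base_block[:4] != b"regf":
        raise ValueError("not a regf base block")
    (_, seq1, seq2, last_written, major, minor, file_type, fmt,
     root_cell, hbins_size, _cluster) = struct.unpack_from("<4sIIQIIIIIII", base_block, 0)
    # Hive file name: up to 64 bytes of UTF-16LE at offset 48 (assumed layout).
    filename = base_block[48:112].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    stored_checksum = struct.unpack_from("<I", base_block, 508)[0]
    return {
        "primary_seq": seq1,
        "secondary_seq": seq2,
        # Mismatched sequence numbers mean the last write never completed;
        # the transaction logs may hold data newer than the hive itself.
        "dirty": seq1 != seq2,
        "last_written": filetime_to_datetime(last_written),
        "version": f"{major}.{minor}",
        "file_type": file_type,          # 0 = primary hive file
        "format": fmt,
        "root_cell_offset": root_cell,   # relative to the hbin area at file offset 0x1000
        "hbins_size": hbins_size,
        "filename": filename,
        "checksum_ok": stored_checksum == regf_checksum(base_block),
    }


def decode_userassist(value_name, data):
    """Decode one value under ...\\Explorer\\UserAssist\\{GUID}\\Count.
    Names are ROT13; assumed data layouts: 16 bytes (XP/2003), 72 bytes (Vista/7)."""
    program = codecs.decode(value_name, "rot_13")
    if len(data) == 16:
        _session, count, last_run_ft = struct.unpack("<IIQ", data)
        run_count = max(count - 5, 0)              # XP starts the counter at 5
    elif len(data) == 72:
        count = struct.unpack_from("<I", data, 4)[0]
        last_run_ft = struct.unpack_from("<Q", data, 60)[0]
        run_count = count
    else:
        raise ValueError(f"unrecognised UserAssist data length {len(data)}")
    return {
        "program": program,
        "run_count": run_count,
        "last_run": filetime_to_datetime(last_run_ft) if last_run_ft else None,
    }


def build_sample_base_block(dirty=False):
    """Constructed SYSTEM hive header; dirty=True leaves the sequence numbers unequal."""
    blk = bytearray(512)
    written = datetime_to_filetime(datetime(2011, 2, 7, tzinfo=timezone.utc))
    struct.pack_into("<4sIIQIIIIIII", blk, 0, b"regf", 7, 6 if dirty else 7,
                     written, 1, 3, 0, 1, 0x20, 0x1000, 1)
    name = "SYSTEM".encode("utf-16-le")
    blk[48:48 + len(name)] = name
    struct.pack_into("<I", blk, 508, regf_checksum(bytes(blk)))
    return bytes(blk)


def build_sample_userassist(win7=True):
    """Constructed UserAssist value for cmd.exe run 12 times (Win7) or 3 times (XP)."""
    name = codecs.encode("{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\cmd.exe", "rot_13")
    last_run = datetime_to_filetime(datetime(2010, 12, 25, 10, 30, tzinfo=timezone.utc))
    if win7:
        data = bytearray(72)
        struct.pack_into("<I", data, 4, 12)          # run count
        struct.pack_into("<Q", data, 60, last_run)   # last execution FILETIME
        return name, bytes(data)
    return name, struct.pack("<IIQ", 1, 5 + 3, last_run)   # XP: stored count is runs + 5


if __name__ == "__main__":
    hdr = parse_regf_header(build_sample_base_block())
    print("regf:", hdr["filename"], hdr["version"], "dirty" if hdr["dirty"] else "clean",
          "checksum ok" if hdr["checksum_ok"] else "CHECKSUM MISMATCH", hdr["last_written"])
    for win7 in (True, False):
        rec = decode_userassist(*build_sample_userassist(win7))
        print("UserAssist:", rec["program"], "runs:", rec["run_count"], "last:", rec["last_run"])
```

To run it against a real hive, read the first 512 bytes of the file into parse_regf_header; a dirty flag or checksum mismatch is the cue to look at the transaction logs before trusting timestamps. UserAssist value names and data can be fed to decode_userassist straight from any hive parser that returns raw REG_BINARY bytes.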