
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry
     

by Harlan Carvey
 


ISBN-10: 1597495808

ISBN-13: 9781597495806

Pub. Date: 02/07/2011

Publisher: Elsevier Science


Overview

Windows Registry Forensics provides the background of the Windows Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques are presented that take the student and analyst beyond the current use of viewers and into real analysis of data contained in the Registry, demonstrating the forensic value of the Registry.

Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this book is packed with real-world examples using freely available open source tools. It also includes case studies and a CD containing code and author-created tools discussed in the book.

This book will appeal to computer forensic and incident response professionals, including federal government and commercial/private sector contractors, consultants, etc.

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Packed with real-world examples using freely available open source tools
  • Deep explanation and understanding of the Windows Registry – the most difficult part of Windows to analyze forensically
  • Includes a CD containing code and author-created tools discussed in the book

Product Details

ISBN-13: 9781597495806
Publisher: Elsevier Science
Publication date: 02/07/2011
Pages: 248
Product dimensions: 7.40(w) x 9.10(h) x 0.80(d)


Table of Contents

  • Chapter 1. Registry Analysis
  • Chapter 2. Tools
  • Chapter 3. Case Studies: The System
  • Chapter 4. Case Studies: Tracking User Activity

Customer Reviews


Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry 5 out of 5 based on 0 ratings. 3 reviews.
FRINGEINDEPENEDENTREVIEW More than 1 year ago
Are you interested in the forensic analysis of Windows systems? If you are, then this book is for you! Author Harlan Carvey has done an outstanding job of writing a book that focuses on the Registry found on the Windows NT family of operating systems, from Windows XP, through Windows 2003, Vista, Windows 2008 and Windows 7. Author Carvey begins by addressing the topic of Registry analysis overall and what goes into it. In addition, the author discusses a number of tools that are used in Registry analysis. He then shows you how various keys and values have had a significant impact on various examinations, and how they can be used in conjunction with other data to further your analysis, and allow you to succinctly achieve your goals. Finally, the author shows you how to track user activity, with detailed emphasis on RegRipper plug-ins, MRU lists, run, temporal proximity, USB devices, XPMode, time stamps, RecentDocs, DisableMRU, searches, ComDlg32, historical data, shellbags, USRCLASS.dat, BagMRU Plugins, UserAssist, Vigenere encryption, run count, time references, XPMode and UserAssist, noninstrumentation, MuiCache, MuiCache key historical data, file associations, scenarios, Trojan defense, connecting to other systems and preserving privacy. The goal of this most excellent book is to illustrate the immense value that can be derived through Registry analysis. Perhaps more importantly, the CD that accompanies this book contains several tools that have executable versions (compiled with Perl2Exe), so that you do not have to install Perl to run the tools.
Anonymous More than 1 year ago
Anonymous More than 1 year ago