A guide to the Windows Registry cover such topics as Registry structure, live analysis, security, system hive, and tracking user activity. Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, Second Edition provides the most in-depth guide to forensic investigations using Windows Registry. This book is one of a kind, giving the background of the Registry to help users develop an understanding of the binary structure of registry hive files.Approaches to live response and analysis are included, and tools and techniques for post mortem analysis are discussed at length. Tools and techniques are presented that take you beyond the current use of viewers and into real analysis of data contained in the Registry.This Second Edition of presents a ground-up approach to understanding so that the treasure trove of the Registry is mined on a regular and continuing basis.Named a Best Digital Forensics Book by InfoSec ReviewsPacked with real-world examples using freely available open source toolsProvides a deep explanation and understanding of the Windows Registry - the most difficult part of Windows to analyze forensicallyIncludes a companion website that contains the code and author-created tools discussed in the bookNew edition completely updated for the most current tools and techniquesContains completely updated content throughout, with all new coverage of the latest versions of Windows
Muu info
The second edition of this go-to reference provides readers with the information, tools, and processes needed to find and analyze forensic evidence using Windows Registry. Tools and techniques for post mortem analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry.
| About the Author |
|
ix | |
| About the Technical Editor |
|
xi | |
| Preface |
|
xiii | |
| Acknowledgments |
|
xvi | |
|
Chapter 1 Registry Analysis |
|
|
1 | (36) |
|
|
|
1 | (3) |
|
|
|
4 | (11) |
|
What Is the Windows Registry? |
|
|
15 | (10) |
|
|
|
25 | (9) |
|
|
|
34 | (3) |
|
Chapter 2 Processes and Tools |
|
|
37 | (24) |
|
|
|
37 | (2) |
|
|
|
39 | (21) |
|
|
|
60 | (1) |
|
Chapter 3 Analyzing the System Hives |
|
|
61 | (70) |
|
|
|
61 | (1) |
|
|
|
62 | (1) |
|
|
|
63 | (6) |
|
|
|
69 | (6) |
|
|
|
75 | (23) |
|
|
|
98 | (25) |
|
|
|
123 | (6) |
|
|
|
129 | (2) |
|
Chapter 4 Case Studies: User Hives |
|
|
131 | (46) |
|
|
|
131 | (1) |
|
|
|
132 | (33) |
|
|
|
165 | (9) |
|
|
|
174 | (3) |
|
|
|
177 | (16) |
|
|
|
177 | (1) |
|
|
|
177 | (6) |
|
Getting the Most Out of RegRipper |
|
|
183 | (8) |
|
|
|
191 | (2) |
| Index |
|
193 | |
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Lisainfo e-raamatute kohta