Windows registry forensics: advanced digital forensic analysis of the Windows registry
Carvey, Harlan
Harlan Carvey brings readers an advanced book on Windows Registry - the most difficult part of Windows to analyze in forensics! Windows Registry Forensics provides the background of the Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included and tools and techniques for post-mortem analysis are discussed at length. Tools and techniques will be presented that take the analyst beyond the current use of viewers and into real analysis of data contained in the Registry. This book also has a DVD containing tools, instructions and videos.

- Packed with real-world examples using freely available tools
- Deep explanation and understanding of the Windows Registry - the most misunderstood files
- Author Harlan Carvey brings his expert knowledge and tools into one book

"It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry - which makes effective examination of the registry absolutely fundamental to good Windows forensics. By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems. What I appreciate about this book, however, is that it is much more than a mere compilation of registry keys important to forensics investigation. This is a book about how to examine the registry, and it is a good one." - Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft

"Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case. Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware. Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations. This book is a must have reference for current forensic knowledge of the Microsoft Registry Windows XP through Windows 7 and should become core knowledge for any serious digital forensic investigator." - Rob Lee, SANS Institute
- ISBN: 978-1-59749-580-6
- Publisher: Syngress
- Binding: Paperback
- Pages: 248
- Publication date: 27/02/2011
- No. of volumes: 1
- Language: English