»
Windows Registry Forensics
 
 

Windows Registry Forensics, 1st Edition

Advanced Digital Forensic Analysis of the Windows Registry

 
Windows Registry Forensics, 1st Edition,Harlan Carvey,ISBN9781597495806
 
 
 

  

Syngress

9781597495806

9781597495813

248

235 X 191

Find and analyze evidence within a Windows computer registry with tips and techniques from Harlan Carvey!

Print Book

Paperback

In Stock

Estimated Delivery Time
USD 69.95

eBook
eBook Overview

VST format:

DRM Free included formats: EPub, Mobi, PDF

This product is currently not available.
 
 

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Packed with real-world examples using freely available open source tools
  • Deep explanation and understanding of the Windows Registry - the most difficult part of Windows to analyze forensically
  • Includes a CD containing code and author-created tools discussed in the book

Description

Harlan Carvey brings readers an advanced book on Windows Registry. The first book of its kind EVER -- Windows Registry Forensics provides the background of the Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques will be presented that take the analyst beyond the current use of viewers and into real analysis of data contained in the Registry.

Readership

Computer forensic and incident response professionals, including federal government, commercial/private sector contractors, consultants, etc.

Harlan Carvey

Harlan Carvey (CISSP) is a Vice President of Advanced Security Projects with Terremark Worldwide, Inc. Terremark is a leading global provider of IT infrastructure and “cloud computing” services, based in Miami, FL. Harlan is a key contributor to the Engagement Services practice, providing disk forensics analysis, consulting, and training services to both internal and external customers. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan’s primary areas of interest include research and development of novel analysis solutions, with a focus on Windows platforms. Harlan holds a bachelor’s degree in electrical engineering from the Virginia Military Institute and a master’s degree in the same discipline from the Naval Postgraduate School. Harlan resides in Northern Virginia with his family.

Affiliations and Expertise

(CISSP) Vice President of Advanced Security Projects with Terremark Worldwide, Inc., which is headquartered in Miami, FL. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan resides in Northern Virginia with his family.

View additional works by Harlan Carvey

Windows Registry Forensics, 1st Edition

Chapter 1 Registry Analysis

Introduction

What is "Registry Analysis"?

What is the Windows Registry?

Registry Structure

Summary

Frequently Asked Questions

References

Chapter 2 Tools

Introduction

Live Analysis

Summary

Frequently Asked Questions

References

Chapter 3 Case Studies: The System

Introduction

Security and SAM hives

System Hive

Software Hive

BCD Hive

Summary

Frequently Asked Questions

References

Chapter 4 Case Studies: Tracking User Activity

Introduction

Tracking User Activity

Scenarios

Summary

References

 

 

Quotes and reviews

"As an experienced security architect?I’ve been reasonably familiar with the "windows registry" for many years and have frequently used regedit to look at various keys and values (and have sometimes even taken the dangerous steps of changing values!). In my vast library I also have a number of books describing the registry, although I have to say they are somewhat ancient. However, it was not until I read this book I really appreciated the vast amount of information contained in the various registry files. Indeed I was not aware of forensic importance of these files."--Best Digital Forensics Book in InfoSecReviews Book Awards

"It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry-which makes effective examination of the registry absolutely fundamental to good Windows forensics.  By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems.  What I appreciate about this book, however, is that it is much more than a  mere compilation of registry keys important to forensics investigation.  This is a book about how to examine the registry, and it is a good one."--Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft

"Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case.  Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware.  Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations.  This book is a must have reference for current forensic knowledge of the Microsoft Registry Windows XP through Windows 7 and should become core knowledge for any serious digital forensic investigator."--Rob Lee, SANS Institute

"Useful to beginning and intermediate practitioners, but even advanced examiners may fi nd registry information here that they were not previously aware of. Anyone working in digital forensics or incident response who has not made registry examination integral to their process must read and absorb this book. The information is vital to Windows examinations…. Windows Registry Forensics easily succeeds in its mission to convey the value of integrating registry examination into the forensic process. It provides valuable information relevant to a wide range of investigations. And Mr. Carvey’s conversational writing style makes the book easy to read...."--Digital Forensics Magazine

"This guide to digital forensics on computers running the Microsoft Windows operating system provides detailed information on the analysis of the Windows registry to detect intrusion and document user actions. The work is divided into three sections beginning with an overview of the registry structure and following with a discussion of registry analysis tools and concluding with an in depth case study of a registry forensics project. Each section includes answers to frequently asked questions and a selection of references for further reading. Illustrations, code examples, tips and warning notes are provided throughout and an accompanying CD-ROM provides copies of registry analysis tools created by the author. Carvey is a computer forensics consultant."--Book News, Reference & Research

"As an experienced security architect I’ve been reasonably familiar with the ‘windows registry’ for many years and have frequently used regedit to look at various keys and values (and have sometimes even taken the dangerous steps of changing values!). In my vast library I also have a number of books describing the registry, although I have to say they are somewhat ancient. However it was not until I read this book I really appreciated the vast amount of information contained in the various registry files. Indeed I was not aware of forensics importance of these files….. An extremely useful book to a forensics investigator, even an experienced one. I would not hesitate in recommending this book to anyone…"--InfoSecReviews.com

 
 
Discount on all Earth,Environment and Energy Titles | Use Promo Code EARTH
Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy
FAQ