Awards
- Winner of Best Digital Forensics Books 2011 2011
Overview
Windows Registry Forensics provides the background of the Windows Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques are presented that take the student and analyst beyond the current use of viewers and into real analysis of data contained in the Registry, demonstrating the forensic value of the Registry. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this book is packed with real-world examples using freely available open source tools. It also includes case studies and a CD containing code and author-created tools discussed in the book. This book will appeal to computer forensic and incident response professionals, including federal government and commercial/private sector contractors, consultants, etc.
Full Product Details
Author: Harlan Carvey (DFIR analyst, presenter, and open-source tool author)
Publisher: Syngress Media,U.S.
Imprint: Syngress Media,U.S.
Dimensions:
Width: 19.10cm
, Height: 2.30cm
, Length: 23.50cm
Weight: 0.500kg
ISBN: 9781597495806
ISBN 10: 1597495808
Pages: 248
Publication Date: 07 March 2011
Audience:
College/higher education
,
Tertiary & Higher Education
Replaced By: 9780128032916
Format: Paperback
Publisher's Status: Out of Print
Availability: In Print
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.
Reviews
It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry-which makes effective examination of the registry absolutely fundamental to good Windows forensics. By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems. What I appreciate about this book, however, is that it is much more than a mere compilation of registry keys important to forensics investigation. This is a book about how to examine the registry, and it is a good one. --Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case. Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware. Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations. This book is a must have reference for current forensic knowledge of the Microsoft Registry Windows XP through Windows 7 and should become core knowledge for any serious digital forensic investigator. --Rob Lee, SANS Institute Useful to beginning and intermediate practitioners, but even advanced examiners may fi nd registry information here that they were not previously aware of. Anyone working in digital forensics or incident response who has not made registry examination integral to their process must read and absorb this book. The information is vital to Windows examinations. Windows Registry Forensics easily succeeds in its mission to convey the value of integrating registry examination into the forensic process. It provides valuable information relevant to a wide range of investigations. And Mr. Carvey's conversational writing style makes the book easy to read... --Digital Forensics Magazine This guide to digital forensics on computers running the Microsoft Windows operating system provides detailed information on the analysis of the Windows registry to detect intrusion and document user actions. The work is divided into three sections beginning with an overview of the registry structure and following with a discussion of registry analysis tools and concluding with an in depth case study of a registry forensics project. Each section includes answers to frequently asked questions and a selection of references for further reading. Illustrations, code examples, tips and warning notes are provided throughout and an accompanying CD-ROM provides copies of registry analysis tools created by the author. Carvey is a computer forensics consultant. --Book News, Reference & Research As an experienced security architect I've been reasonably familiar with the 'windows registry' for many years and have frequently used regedit to look at various keys and values (and have sometimes even taken the dangerous steps of changing values!). In my vast library I also have a number of books describing the registry, although I have to say they are somewhat ancient. However it was not until I read this book I really appreciated the vast amount of information contained in the various registry files. Indeed I was not aware of forensics importance of these files... An extremely useful book to a forensics investigator, even an experienced one. I would not hesitate in recommending this book to anyone. --InfoSecReviews.com
It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry-which makes effective examination of the registry absolutely fundamental to good Windows forensics. By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems. What I appreciate about this book, however, is that it is much more than a mere compilation of registry keys important to forensics investigation. This is a book about how to examine the registry, and it is a good one. -Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case. Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware. Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations. This book is a must have reference for current forensic knowledge of the Microsoft Registry Windows XP through Windows 7 and should become core knowledge for any serious digital forensic investigator. - Rob Lee, SANS Institute
It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry-which makes effective examination of the registry absolutely fundamental to good Windows forensics. By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems. What I appreciate about this book, however, is that it is much more than a mere compilation of registry keys important to forensics investigation. This is a book about how to examine the registry, and it is a good one. -Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft
It is no exaggeration to say that nearly everything that happens on a Windows system involves the registry-which makes effective examination of the registry absolutely fundamental to good Windows forensics. By devoting a whole book to this critical Windows artifact, Harlan has delivered a much needed resource to everyone doing forensics investigations of Windows systems. What I appreciate about this book, however, is that it is much more than a mere compilation of registry keys important to forensics investigation. This is a book about how to examine the registry, and it is a good one. --Troy Larson, Principal Forensic Program Manager, Network Security Investigations, Microsoft Windows Registry Forensics provides extensive proof that registry examination is critical to every digital forensic case. Harlan Carvey steps the reader through critical analysis techniques recovering key evidence of activity of suspect user accounts or intrusion-based malware. Using his extensive experience and research, Harlan's case studies provide behind-the-scenes details that enable every analyst to utilize these techniques immediately in their own investigations. This book is a must have reference for current forensic knowledge of the Microsoft Registry Windows XP through Windows 7 and should become core knowledge for any serious digital forensic investigator. --Rob Lee, SANS Institute Useful to beginning and intermediate practitioners, but even advanced examiners may fi nd registry information here that they were not previously aware of. Anyone working in digital forensics or incident response who has not made registry examination integral to their process must read and absorb this book. The information is vital to Windows examinations. Windows Registry Forensics easily succeeds in its mission to convey the value of integrating registry examination into the forensic process. It provides valuable information relevant to a wide range of investigations. And Mr. Carvey's conversational writing style makes the book easy to read... --Digital Forensics Magazine This guide to digital forensics on computers running the Microsoft Windows operating system provides detailed information on the analysis of the Windows registry to detect intrusion and document user actions. The work is divided into three sections beginning with an overview of the registry structure and following with a discussion of registry analysis tools and concluding with an in depth case study of a registry forensics project. Each section includes answers to frequently asked questions and a selection of references for further reading. Illustrations, code examples, tips and warning notes are provided throughout and an accompanying CD-ROM provides copies of registry analysis tools created by the author. Carvey is a computer forensics consultant. --Book News, Reference & Research
Author Information
Harlan Carvey (CISSP) is a Vice President of Advanced Security Projects with Terremark Worldwide, Inc. Terremark is a leading global provider of IT infrastructure and ""cloud computing"" services, based in Miami, FL. Harlan is a key contributor to the Engagement Services practice, providing disk forensics analysis, consulting, and training services to both internal and external customers. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan's primary areas of interest include research and development of novel analysis solutions, with a focus on Windows platforms. Harlan holds a bachelor's degree in electrical engineering from the Virginia Military Institute and a master's degree in the same discipline from the Naval Postgraduate School. Harlan resides in Northern Virginia with his family.
