Windows Registry Forensics
Advanced Digital Forensic Analysis of the Windows Registry
Second Edition
Table of Contents
Copyright
Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA
Copyright 2016, 2011 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-803291-6
For information on all Syngress publications visit our website at https://www.elsevier.com/
Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Priya Kumaraguruparan
Designer: Matthew Limbert
Dedication
To Terri and Kylie; you are my light and my foundation
About the Author
Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit-Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.
Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.
Harlan earned a bachelor's degree in electrical engineering from the Virginia Military Institute and a master's degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.
About the Technical Editor
Mari DeGrazia is a Senior Security Consultant with the Verizon RISK team, which provides Incident Response services on a global scale. During her tenure with Verizon, Mari has investigated high-profile breach cases and computer security incidents. Prior to Verizon, Mari worked civil and felony criminal cases as a digital forensics examiner, which included testimony as an expert witness. Mari has a Bachelor of Science in Computer Science from Hawaii Pacific University as well as various certificates related to Digital Forensics. She is currently pursuing her Master of Science in Digital Forensics.
Preface
I am not an expert. I don't know everything. In particular, I do not and have never claimed to be an expert at analyzing Windows systems nor in analyzing the Windows Registry. What I have done is taken all that stuff I've got written down over the years, in different places, as well as stuff I've found online, stuff I've found after running malware in a VM and creating a timeline, etc., and put it into what I thought would be a logical structure. I then decided to call some of this stuff chapters, and I sent them to Mari to review and tech edit. She sent them back, I looked at her comments, decided that she was right in most cases, and sent the chapters into Syngress. They made it into a book. That's a process, and it doesn't make me an expert at anything, especially digital forensic analysis.
When I wrote the first edition of this book, I mentioned in the preface that by 2010, I had met a good number of forensic analysts who had little apparent knowledge of the value that the Windows Registry can hold. As 2015 draws to a close and I am submitting the manuscript for the second edition of the book, the same holds true. Data within the Windows Registry can provide a great deal of context to investigations, illustrating user access to files, devices that have been attached to the system, applications that have been executed, and users that have been added to the system. Configuration settings maintained within the Registry will inform the analyst as to what they can expect to see on the system: did deleted files bypass the Recycle Bin, was the page file cleared at shutdown, and what is the effective audit policy for the system? I've used information from the Registry to determine that a user intentionally infected a system with a remote access Trojan (RAT) and then attempted to clean up after removing the malware. Prior to sharing my findings, the popular notion was that systems infected with that RAT were the result of spear phishing.
Throughout this book, I have maintained a good deal of information specific to Windows XP and 2003 systems, because they are still out there. However, I've included more information regarding Windows 7, as well as 8, 8.1, and Windows 10 systems, where possible. There are things that we still don't know about Windows 7 systems, and at the time of this writing, Windows 10 is still somewhat new. However, it's likely that by the time the book is published and on the shelves, the holiday season will have resulted in a large number of newly purchased systems arriving with Windows 10 preinstalled. As such, there is still a great deal of research to be done, and even more to discover about Windows 10.
Again, I am not an expert, and I don't know it all; I have simply tried to include some of what I've encountered and experienced in this book.
Intended Audience