Harlan Carvey - Windows Registry Forensics

  • Book:
    Windows Registry Forensics
  • Author:
    Harlan Carvey
  • Publisher:
    Syngress
  • Genre:
    Computer
  • Year:
    2011

Windows Registry Forensics: description

Harlan Carvey brings readers an advanced book on the Windows Registry. The first book of its kind ever, Windows Registry Forensics provides the background of the Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques will be presented that take the analyst beyond the current use of viewers and into real analysis of data contained in the Registry.

  • Packed with real-world examples using freely available open source tools
  • Deep explanation and understanding of the Windows Registry, the most difficult part of Windows to analyze forensically
  • Includes a CD containing code and author-created tools discussed in the book


Windows Registry Forensics

Advanced Digital Forensic Analysis of the Windows Registry


Harlan Carvey

Dave Hull, Technical Editor

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

Syngress is an imprint of Elsevier

Acquiring Editor: Angelina Ward

Development Editor: Heather Scherer

Project Manager: Danielle S. Miller

Designer: Kristen Davis


30 Corporate Drive, Suite 400, Burlington, MA 01803, USA

2011 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data

Carvey, Harlan A.

Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry / Harlan Carvey.

p. cm.

Includes bibliographical references.

ISBN 978-1-59749-580-6 (pbk.)

1. Microsoft Windows (Computer file) 2. Operating systems (Computers) 3. Computer crimes--Investigation--Methodology. 4. Computer networks--Security measures. 5. Computer security. 6. Component software. I. Title.

HV8079.C65 C37 2011

363.25'62--dc22

2010043198

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-580-6

Printed in the United States of America

10 11 12 13 14   10 9 8 7 6 5 4 3 2 1

Typeset by: diacriTech, Chennai, India

For information on all Syngress publications visit our website at www.syngress.com

Dedication

To Terri and Kylie; you are my light and my foundation.


Contents

Preface ix
Acknowledgments xv
About the Author xvii

Chapter 1 Registry Analysis 1
  • Introduction 1
  • What Is Registry Analysis? 3
  • What Is the Windows Registry? 14
  • Registry Structure 23
  • Summary 32
  • Frequently Asked Questions 32
  • References 33

Chapter 2 Tools 35
  • Introduction 35
  • Live Analysis 36
  • Summary 80
  • Frequently Asked Questions 81
  • References 82

Chapter 3 Case Studies: The System 85
  • Introduction 85
  • Security and SAM Hives 86
  • System Hive 102
  • Software Hive 124
  • BCD Hive 150
  • Summary 152
  • Frequently Asked Questions 153
  • References 155

Chapter 4 Case Studies: Tracking User Activity 159
  • Introduction 159
  • Tracking User Activity 161
  • Scenarios 195
  • Summary 201
  • References 201

Index 203


Preface

I am not an expert. I have never claimed to be an expert at anything (at least not seriously done so), least of all an expert in forensic analysis. I am not an expert in Windows Registry analysis. I am simply, by profession, a responder and analyst with some work and research experience in this area. I have also performed a number of analysis engagements, in which information found as part of Registry analysis has played a rather significant role. In one such engagement, Registry analysis allowed me to provide a compelling argument to demonstrate that files known to contain credit card data had been neither found nor accessed by an intruder, thereby reducing the subsequent costs (with respect to notification and fines) to the customer. I have assisted with providing information to demonstrate that certain user accounts had been used to access certain files. More importantly, I have worked through the process of sharing what I have seen with others, by writing this book and sharing what I've observed from a practitioner's perspective. I am not an expert.

When I sat down to write this book, I did so because even in the year 2010, I am amazed at the number of analysts with whom I speak that have no apparent idea of the forensic value of the Windows Registry. Sometimes, when I talk to someone about demonstrating that a user account was used to view files, I get a blank stare. Or after talking about tracking USB devices across systems and no one asks any questions, I get approached by a dozen of the folks from the presentation, between the podium and my exit. It seems that, in many instances, the "abandon hope, all ye who enter here" warning that Microsoft displays on its knowledge base articles regarding the Registry really does a good job... of keeping the good guys out, as well as from digging or investigating. Sadly, there's nothing in that admonition that states, "oh, yeah... the bad guys are all up in yer Registry!" As a result, many analysts are consistently behind the power curve, learning from the bad guys the new uses for the Registry (persistence, data and executable storage, and so on), often months after they have been established and used.
