11 of 11 people found the following review helpful
Fishing With Harlan
Verified Purchase
This review is from: Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry (Kindle Edition)
Windows Registry Forensics is another excellent installment of Harlan's continuing research and education efforts relating to Windows forensics. In his previous work, Windows Forensic Analysis DVD Toolkit, Second Edition, Harlan covered the broader topic of Windows forensics. While he did cover registry forensics issues in his previous work, this book drills down even deeper into the subject and provides the reader with a comprehensive view of the inner workings of the Windows Registry. If you couple this book with his previous book, you essentially get Windows Forensic Analysis, Second Edition: The Director's Cut. I recommend this book to anyone who is interested in digital forensics and will be adding it to my "So you'd like to... Learn Digital Forensics" Amazon guide.
Previous reviewers such as David Nardoni have provided excellent detailed overviews of the individual chapters so I won't repeat that level of depth for this review. Harlan takes a "teach them to fish" approach in teaching the reader about the Windows Registry. If the reader is expecting a book with a laundry list of interesting Registry keys, they will walk away disappointed. This isn't to say that there isn't a tremendous amount revealed about individual keys, but it's done in the larger context of Harlan's efforts to teach the reader about the Registry in a comprehensive manner.
The first chapter is where Harlan teaches the reader about fish (the Registry). This chapter explains what the registry is and how to think about it in the context of an examination. The second chapter teaches the reader about the various fishing poles available to them such as Harlan's own RegRipper tool. The third and fourth chapters are where Harlan takes the reader fishing as he walks the reader through Registry examination using a case study approach.
Harlan is an excellent technical writer so the book flows well and the concepts are presented clearly to the reader. The pictures are large enough to show up clearly in the Kindle version of the book which I was grateful for since this is not always the case with Kindle books. My primary complaint with the book is the price especially for the Kindle edition. I don't expect technical books written for a small audience to be as inexpensive as mass market fiction, but a retail price of $69.95 is pretty steep. As I write this, the Amazon price is $62.95 for the physical version and $55.96 for the Kindle version. The price of the Kindle version is especially irritating considering it doesn't come with the DVD and doesn't require a physical distribution channel to provide it to me. In most cases (pay attention Syngress), I simply won't pay that much for a technical book unless it's something that I know is well written and will provide good value. This is one of those exceptional circumstances. Harlan is one of the few authors who I trust enough to spend that amount of money on for a book.