- Paperback: 216 pages
- Publisher: Syngress; 2 edition (April 8, 2016)
- Language: English
- ISBN-10: 012803291X
- ISBN-13: 978-0128032916
- Product Dimensions: 7.5 x 0.5 x 9.2 inches
- Shipping Weight: 1.2 pounds
- Average Customer Review: 26 customer reviews
- Amazon Best Sellers Rank: #676,923 in Books
Windows Registry Forensics, Second Edition: Advanced Digital Forensic Analysis of the Windows Registry 2nd Edition
About the Author
Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.
Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.
Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.
Top customer reviews
With Harlan Carvey, computer forensics is science predicated upon art - and hard work.
Few people outside this small craft are equipped to appreciate what computer forensics is - and I am not about to attempt explaining the full scope of computer forensics in this limited space.
Suffice it to say that a primary objective of computer forensics is the hunt for data.
Those who do this for a living know that no two situations are the same and thus practitioners must have broad knowledge of operating systems, particularly Microsoft Windows.
And working in the innards of Windows isn't for sissies.
Harlan Carvey is among the few practitioners who write for the trade. He is an accomplished Perl scripter and one of his tools, RegRipper, is widely used.
Here, Harlan attempts to explain how to conduct forensic analysis of the Windows Registry. The Registry is never-never land for most of the computer forensic "experts" I've known. Not long ago, I assisted a client in obtaining a large settlement because the opposing expert paid no attention to the Registry and I did.
Carvey explains the Registry in a systematic manner. He begins with an overview of Registry analysis which I think is too short, but in fact is probably going to be overkill for most because they simply don't get it. He moves on to Registry analysis tools and then case studies. Overall, for those with little or no understanding of Windows Registry, it is probably a good introduction. I remember way back when the Registry was introduced and then had its functionality extended in Windows 95. Little information was available from Microsoft and those of us in the field had to learn Registry the hard way. Today, people like Harlan are developing tools for Registry analysis and writing books explaining how to do it. Pretty neat.
Harlan has done his homework in gathering information on the Registry and he obviously understands it well enough to write a fine tool with which to analyze it.
Yet, I would say that this book is not suitable for beginners in computer forensics because there is so much else to know about operating systems and file systems before you can grasp what the Registry is all about. By the same token, the book will provide only tidbits for those who have been doing serious computer forensics for several years.
Carvey's writing style is smooth, though the editors at Syngress might consider taking a refresher course.
Overall, despite the high price of the book, I think any serious practitioner of computer forensics would realize some benefit from reading this book.
each part of the Binary. And, tons of examples of what changes when the data is altered and what each change makes. Real time effects for actual changes in Windows 7, 8, & 10. XP is over with. A lot of actual examples would be helpful and very useful. This would make for a book I could really use on a regular basis.