Chapter 8

The Registry Structure

The Windows registry is a vast hierarchical database of operating system, program, and user settings. It is also a relatively obscure Windows feature with which the user rarely has any direct interaction. The Windows registry contains information that is significant for investigators, incident responders, forensic analysts, and anyone else conducting network investigations. Accordingly, to access this information and interpret its meaning, the network investigator must have a good understanding of the Windows registry.

In this chapter, you will learn to:

  • Understand the terms keys, values, and hive files, as well as understand how logical keys and values are mapped to and derived from physical registry hive files ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
