2

Processes and Tools

Abstract

The purpose of this chapter is to discuss how to perform analysis of the Windows Registry from a “postmortem” perspective.

Keywords

Analysis; Autoruns; Registry; RegRipper; Rip; Tools

Information in this chapter

• Forensic Analysis

Introduction

When I sat down to address and update/rewrite this chapter for the second edition of the book, I wanted to do two things. First, I removed the “Live Analysis” section of the chapter. The reason for this was that for digital forensic analysis, we’re not accessing live systems; access to live systems most often occurs during enterprise incident response, and many organizations already have a capability for accessing the Windows Registry on live systems during ...

Get Windows Registry Forensics, 2nd Edition now with the O’Reilly learning platform.
