Windows Registry Forensics by Harlan Carvey

2. Tools
Information in This Chapter
The purpose of this chapter is to present some of the methods and tools for interacting with the Windows Registry, from both a live and “postmortem” perspective.
Keywords
Registry, analysis, RegRipper, tools, F-Response, autoruns, rip, ripxp
Introduction
Analysts faced with extracting and analyzing data from the Windows Registry may be required to do so in a number of different scenarios. During troubleshooting or incident response scenarios, administrators may want to query multiple systems for Registry data, or an analyst may want to examine Registry hives extracted from an acquired image for indications of an intrusion or violations of acceptable use policies. Regardless ...
