3. Case Studies
Information in This Chapter
This chapter addresses many of the various keys and values within the system-wide Registry hive files that may be of importance to the analyst.
SAM, Security, audit, System, CurrentControlSet, ControlSet, Software, Autostart
When I sat down to write this book, I was aware that for most folks, providing spreadsheets, tables, and lists of Registry keys and values would not be an entirely effective means of communicating and sharing information about Registry analysis. In fact, after writing the first edition of Windows Forensic Analysis (Syngress Publishing, published in 2007, a.k.a., WFA), it was pretty clear ...