Learning More About the Registry

datacarver
(@datacarver)
Estimable Member
Joined: 18 years ago
Posts: 121
Topic starter  

Are there any good books or documents that can provide me more information about the Windows registry? I have the Access Data reference document, which is awesome, but as you all know, there is a wealth of information in the registry, and I was wondering if there was something that got down into the nitty gritty of the registry that would help me understand it better?

Thanks.


   
(@computerforensics911)
Active Member
Joined: 18 years ago
Posts: 16
 

See

http://www.pkdavies.co.uk/documents/Computer_Forensics/registry_examination.pdf
http://www.eptuners.com/forensics/contents/A_Forensic_Examination_of_the_Windows_Registry.pdf

Windows Forensics Analysis
http://www.syngress.com/catalog/?pid=4230
Chapter 1 Live Response Collecting Volatile Data
Chapter 2 Live Response Data Analysis
Chapter 3 Windows Memory Analysis
Chapter 4 Registry Analysis
Chapter 5 File Analysis
Chapter 6 Executable File Analysis
Chapter 7 Rootkits and Rootkit Detection
Pearl Scripts Also Included For Extracting Information


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

DC,

Is there anything specific that you're looking for?

Note: if you find the WFA book, there's a quote… Troy Larson said that the chapter on Registry analysis alone is worth the price of the book!


   
(@computerforensics911)
Active Member
Joined: 18 years ago
Posts: 16
 

I have read the Windows Forensics Analysis Book and it is filled with lots of very useful information and Pearl Scripts. It is available in PDF/Electronic Format Only. Highly Recommended. Great Reference Material To Be Used During An Investigation.


   
datacarver
(@datacarver)
Estimable Member
Joined: 18 years ago
Posts: 121
Topic starter  

Thanks for the info.


   
 ddow
(@ddow)
Reputable Member
Joined: 21 years ago
Posts: 278
 

I have read the Windows Forensics Analysis Book and it is filled with lots of very useful information and Pearl Scripts. It is available in PDF/Electronic Format Only. Highly Recommended. Great Reference Material To Be Used During An Investigation.

Just a clarification: while it is available in PDF format, it's also available in hardcopy that has a DVD.


   
(@computerforensics911)
Active Member
Joined: 18 years ago
Posts: 16
 

You don't have to get the Hard Copy Book to get the DVD Files. You can download the files from the publisher's website when you purchase the PDF file. That's what I did.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

I have read the Windows Forensics Analysis Book and it is filled with lots of very useful information and Pearl Scripts.

Perl. Pearl. Whatever.

It is available in PDF/Electronic Format Only.

[GONG!] Thank you for playing! That answer is incorrect.

Highly Recommended. Great Reference Material To Be Used During An Investigation.

Thanks for the recommendation.


   
(@computerforensics911)
Active Member
Joined: 18 years ago
Posts: 16
 

[GONG!] Thank you for playing! That answer is incorrect.

What does that mean?

I was able to go to the website and download what was included on the DVD.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

It means that the book is NOT, in fact, only available in PDF/Electronic format. You can go to a local bookstore and purchase the hard copy, or order the hard copy book from Amazon, BookPool, etc.


   