Hi, I’m after some help please.
I’m doing my MSc project which is about the internal, bits and bytes, structure of Windows Registry files.
I need to review the academic work done in this area. I’ve found the following peer-reviewed journals that carry Forensic material.
Digital Forensic Research Workshop
Digital Investigation
International Journal of Digital Evidence
Journal of Digital Forensic Practice
Journal of Digital Forensics, Security and Law
Small Scale Digital Device Forensics Journal
Can anyone think of any other peer-reviewed journals that do or might carry relevant material?
I'm hoping to build on the excellent work done in this field by Harlan Carvey, Petter Nordahl-Hagen, the authors of CHNTPWD, the Perl Module Wing32Registry and others. If anyone’s got any pointers I'd be interested to hear them.
Many Thanks
Pete
Pete,
Have you spoken to Malcom Elder in the Shrivenham Library - he is the specialist for the Forensic Computing group, and I've found him very knowledgeable… (PM me if you want his e-mail address…)
Azrael
To be honest, I can't think of any of my stuff that's appeared in any of those journals that would be of help to what you're doing…same holds true with Petter's stuff.
I did have some peer-reviewed stuff published in the Information Security Bulletin out of Denmark several years ago, though…
> …Perl Module Wing32Registry…
Never heard of it.
I'd be interested in knowing more about what you're looking at doing. My original Offline Registry Parser code was based in part on Petter's stuff, and then I moved over to James McFarlane's ParseWin32Registry module, which I believe is *also* based in part on Petter's stuff. There're also some good links at MS (Russinovich's stuff) and at the "Push the Red Button" blog on cell structures.
So…what is it specifically that you're looking at doing? There's already someone out there working on a master's thesis that involves Registry slack space…that should be available in Nov 2008.