Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Windows Forensics Cookbook Over 60 practical recipes to acquire memory data and analyze systems with the latest Windows forensic tools

Product type Paperback

Published in Aug 2017

Publisher

ISBN-13 9781784390495

Length 274 pages

Edition 1st Edition

Tools

Windows OS

Concepts

Forensics

Authors (2):

Oleg Skulkin

Scar de Courcier

View More author details

Table of Contents (13) Chapters

Preface

1. Digital Forensics and Evidence Acquisition FREE CHAPTER

2. Windows Memory Acquisition and Analysis

3. Windows Drive Acquisition

4. Windows File System Analysis

5. Windows Shadow Copies Analysis

6. Windows Registry Analysis

7. Main Windows Operating System Artifacts

8. Web Browser Forensics

9. Email and Instant Messaging Forensics

10. Windows 10 Forensics

11. Data Visualization

12. Troubleshooting in Windows Forensic Analysis

Introduction

The Windows Registry is one of the richest sources of digital evidence. You can find lots of extremely useful pieces of information during examination of the Registry hives and keys. Computer configurations, recently visited webpages and opened documents, connected USB devices, and many other artifacts can all be acquired through Windows Registry forensic examination.

The Registry has a tree structure. Each tree consists of keys, and each key may have one or more subkeys and values.

As forensic examiners usually deal with drive images, it's very important to know where these registry files are stored. The first six files are located at C:\Windows\System32\config. These files are:

COMPONENTS
DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

There are also two files for each user account:

NTUSER.DAT, located at C:\Users\%Username%\
UsrClass.dat, located at C:\Users\%Username...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

de Courcier

Scar de Courcier is Senior Editor at digital forensics website Forensic Focus. She also works as an independent consultant on online and offline child protection projects. In her spare time, she enjoys swimming, pretending she lives on the USS Voyager, and hanging out with her cat.

See other products by de Courcier

Oleg Skulkin

Oleg Skulkin is the Head of Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.

See other products by Oleg Skulkin