3

Analyzing the System Hives

Abstract

This chapter addresses many of the various keys and values within the system-wide Registry hive files that may be of importance to the analyst.

Keywords

Audit; Autostart; ControlSet; CurrentControlSet; SAM; Security; Software; System

Information in this chapter

• Artifact Categories
• Security Hive
• SAM Hive
• System Hive
• Software Hive
• AmCache Hive

Introduction

While I was working on the second edition of this book, I read through the introduction of this chapter, and realized that, for the most part, nothing about the content really changed. Most of what I’d written in the first edition has remained, for the most part, true and valid. This time, however, I wanted to present ...
