Analyzing the System Hives

Abstract

This chapter addresses many of the various keys and values within the system-wide Registry hive files that may be of importance to the analyst.

Keywords

Audit; Autostart; ControlSet; CurrentControlSet; SAM; Security; Software; System

Information in this chapter

• Artifact Categories

• Security Hive

• SAM Hive

• System Hive

• Software Hive

• AmCache Hive

Introduction

While I was working on the second edition of this book, I read through the introduction of this chapter, and realized that, for the most part, nothing about the content really changed. Most of what I’d written in the first edition has remained, for the most part, true and valid. This time, however, I wanted to present ...

Get Windows Registry Forensics, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Registry Forensics, 2nd Edition by Harlan Carvey

Analyzing the System Hives

Abstract

Keywords

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly