14READING OFFLINE REGISTRY HIVES

image

The Windows NT registry is a gold mine of information for useful data such as patch levels and password hashes. And that information isn’t just useful for offensive pentesters looking to exploit a network; it’s also useful for anyone in the incident response or data forensics area of information security.

Say, for example, you’re handed the hard drive of a computer that has been breached and you need to find out what happened. What do you do? Being able to read key information from the hard drive regardless of whether Windows can run is imperative. The Windows registry is actually a collection of files on the disk, ...

Get Gray Hat C# now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.