Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Using EnCase to View the Registry

EnCase is a computer forensics tool used by many computer forensic examiners and intrusion investigators. Depending on your environment, you may be doing both the computer forensics and the network investigation. In other environments, the functions are segregated. Regardless, if you have EnCase available, it is an excellent tool to use to examine the Windows registry.

Examining Information Manually

Registry hive files are compound files that are mountable in EnCase. Within EnCase version 6 (we’ll talk about version 7 later in this chapter), you can mount these files by right-clicking the registry file’s name and choosing View File Structure from the pop-up menu. Before you mount the file, however, you must first ...