Analyzing the System Hives


This chapter addresses many of the various keys and values within the system-wide Registry hive files that may be of importance to the analyst.


Audit; Autostart; ControlSet; CurrentControlSet; SAM; Security; Software; System
Information in this chapter
• Artifact Categories
• Security Hive
• SAM Hive
• System Hive
• Software Hive
• AmCache Hive


While I was working on the second edition of this book, I read through the introduction of this chapter, and realized that, for the most part, nothing about the content really changed. Most of what I’d written in the first edition has remained, for the most part, true and valid. This time, however, I wanted to present ...

Get Windows Registry Forensics, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.