1. Registry Analysis
Information in This Chapter
This chapter provides an overview of what Registry analysis should consist of and an initial foundation for understanding the binary and logical structure of the Windows Registry.
Keywords
Registry, analysis, Locard, structure, keys, values
Introduction
The Windows Registry is a core component of the Windows operating systems, and it maintains a considerable amount of configuration information about the system. In addition, the Registry maintains historical information about user activity; in order to provide the user with a “better”, more personalized experience, the Registry maintains details about applications ...
Get Windows Registry Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
