2. Tools
The purpose of this chapter is to present some of the methods and tools for interacting with the Windows Registry, from both a live and “postmortem” perspective.
Keywords
Registry, analysis, RegRipper, tools, F-Response, autoruns, rip, ripxp
Introduction
Analysts faced with extracting and analyzing data from the Windows Registry may be required to do so in a number of different scenarios. During troubleshooting or incident response scenarios, administrators may want to query multiple systems for Registry data, or an analyst may want to examine Registry hives extracted from an acquired image for indications of an intrusion or violations of acceptable use policies. Regardless ...
Get Windows Registry Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.