Cover image
Title page
Copyright
Dedication
About the Author
About the Technical Editor
Preface
Acknowledgments
1. Registry Analysis
Introduction
Core Analysis Concepts
What Is the Windows Registry?
Registry Structure
Summary
2. Processes and Tools
Forensic Analysis
3. Analyzing the System Hives
Artifact Categories
Security Hive
SAM Hive
System Hive
Software Hive
AmCache Hive
4. Case Studies: User Hives
NTUSER.DAT
USRCLASS.DAT
5. RegRipper
What Is RegRipper?
Getting the Most Out of RegRipper
Index