Difference between revisions of "Windows Registry"

Revision as of 17:19, 17 November 2008

Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [paper] [slides]

Forensic Analysis of the Windows Registry in Memory, Brendan Dolan-Gavitt, DFRWS 2008 [slides]
Forensic Analysis of the Windows Registry, Peter Davies, Computer Forensics: Coursework 2 (student paper)
A Windows Registry Quick-Reference, Derrick Farmer, Burlington, VT.

@@ Line 1: / Line 1: @@
+==Bibliography==
+* Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p33-morgan.pdf [paper]] [http://www.dfrws.org/2008/proceedings/p33-morgan_pres.pdf [slides]]
+* [http://dfrws.org/2008/proceedings/p26-dolan-gavitt.pdf Forensic Analysis of the Windows Registry in Memory], Brendan Dolan-Gavitt, DFRWS 2008  [http://dfrws.org/2008/proceedings/p26-dolan-gavitt_pres.pdf [slides]]
+* [http://www.pkdavies.co.uk/documents/Computer_Forensics/registry_examination.pdf Forensic Analysis of the Windows Registry], Peter Davies, Computer Forensics: Coursework 2 (student paper)
+* [http://eptuners.com/forensics/A%20Windows%20Registry%20Quick%20Reference.pdf A Windows Registry Quick-Reference], Derrick Farmer, Burlington, VT.
+==Tools==
+* [http://libreg.com/ libreg] - Libreg a library for working with raw registry hives.
+* [http://sourceforge.net/projects/regviewer/ regviewer] -- a tool for looking at the registry.
+==See Also==
 * [http://www.answers.com/topic/win-registry Windows Registry Information]
-* [http://groups.yahoo.com/group/urfg/ Yahoo Groups on using the Windows Registry in Forensics]
+* [http://en.wikipedia.org/wiki/Windows_Registry Wikipedia Article on Windows Registry]
+[[Category:Bibliographies]]