Windows Registry Forensic Analysis
Based on some comments I received from folks who reviewed WFA 2/e, I am strongly considering writing a book on Windows Registry Forensic Analysis...and I'll probably use that as the title! ;-)
I'm working on a proposal now, and one of the things I'm doing is including those things from previous books that have been successful...in particular, writing style, use of demonstrations, short case studies, and generally trying to show how this information can be used to further an investigation. My goal is to be a thorough as possible, providing information on format and structure, how to monitor the Registry, and provide as much information as I can with respect to keys and values that are (should be) of interest for examinations.
One of the issues I'm sure I'll run into is that same one I've run into with respect to WFA 2/e...there are folks out there who expect certain things to be in the book, but don't (a) realize that I can't do everything without assistance, or (b) don't voice that expectation until after the book is published.
So, here's your chance...if you were shopping for a book on Registry Analysis, what would you be looking for with respect to content?
I've already received emails from folks who say that they're looking for information on P2P applications, without saying which ones. There's already information available on a lot of topics such as P2P artifacts, and I understand that part of the problem is that this information isn't all in one place...but the way to make things like this a real success is to get input from folks in the community. As was discussed at the Summit last week, there really hasn't been a great number of requests for plugins or anything over at the RegRipper site...
I'm working on a proposal now, and one of the things I'm doing is including those things from previous books that have been successful...in particular, writing style, use of demonstrations, short case studies, and generally trying to show how this information can be used to further an investigation. My goal is to be a thorough as possible, providing information on format and structure, how to monitor the Registry, and provide as much information as I can with respect to keys and values that are (should be) of interest for examinations.
One of the issues I'm sure I'll run into is that same one I've run into with respect to WFA 2/e...there are folks out there who expect certain things to be in the book, but don't (a) realize that I can't do everything without assistance, or (b) don't voice that expectation until after the book is published.
So, here's your chance...if you were shopping for a book on Registry Analysis, what would you be looking for with respect to content?
I've already received emails from folks who say that they're looking for information on P2P applications, without saying which ones. There's already information available on a lot of topics such as P2P artifacts, and I understand that part of the problem is that this information isn't all in one place...but the way to make things like this a real success is to get input from folks in the community. As was discussed at the Summit last week, there really hasn't been a great number of requests for plugins or anything over at the RegRipper site...