If there are any references to printed works, I have not noted them. What would have made me give a higher score? * Better source references - as it is, the source references are largely web links to Microsoft's support web site. I'd rate it at 3.5, but I do hesitate to round that up to an even four stars, as that is slightly too much, in my opinion.
![recentapps registry forensics recentapps registry forensics](https://i0.wp.com/www.digitalforensics.com/blog/wp-content/uploads/2017/10/airplane-2628591_960_720.png)
I don't mind buying it, but I will not be able to rely on it for reference, so it will end up in the bookshelf.
#Recentapps registry forensics full
In a text for more advanced users, it would have been been a serious error to omit full key/value descriptions in this type of book, it may lead to more complexity than is strictly warranted. It means, though, that the reader is more drawn into using the author's tools, and less into being able to locate the actual keys and values himself with regedit or other tools. This is a deliberate decision of the author, and may be sound enugh. The focus of these chapters, though, is on the information in the registry, not where it is located, or to what extent it can be relied on. These chapters are what beginning registry analysts want to read. Here is where the value of the registry in a forensic analysis is most clearly described. To the presumed reader, then, the main value is probably to be found in the two chapters of Case Studies. I bought the book largely on the strength of the title, myself, and while I'm not disappointed, it's not quite the book I hoped for. This is probably not obvious to the buyer - who is likely to go by the subtitle. An advanced book would probably not have omitted a description of the security descriptors on registry keys, for example. Other areas of the book, such as the description of some of the internal structures of the registry, tend to support this. This suggests the book is not so much for the advanced analyst, but more of an introduction to the area for those who are not yet proficient in analysing Registry information.
#Recentapps registry forensics windows
have no apparent idea of the forensic value of the Windows Registry' as the Preface mentions.
![recentapps registry forensics recentapps registry forensics](https://www.thedigitalforensics.com/uploads/4/7/0/5/47058929/appcompatcache_orig.png)
After having read the subtitle - Advanced Digital Forensic Analysis of the Windows Registry' - I was a bit surprised to find that this book seems to have its roots in 'the number of analysts.