Eric Zimmerman's Binary Foray
A history of all the blog posts from Binary Foray
About the Book
This book is a simple transposition of the blog posts from Eric Zimmerman's blog, Binary Foray.
Table of Contents
- Introduction
- The First of Many
- Designing a Registry Parser
- Registry hive basics part 1
- Deleted Record Recovery Example
- Registry Explorer screenshots
- Registry hive basics part 2
- ShellBags Explorer 0.5.1.0 released!
- Registry hive basics part 3: VK records
- Registry hive basics part 4: SK records
- XWFIM and XWFRT v1.0 released!
- ShellBags Explorer v0.5.2.0 released!
- Exploring the Registry at the hex level
- Introducing Registry Explorer
- Getting started
- ShellBags Explorer 0.5.4.0 released!
- Registry Explorer 0.0.2.0 released!
- The end of XWFRT?
- ShellBags Explorer 0.6.0.0 released!
- AppCompatCache changes in Windows 10
- Introducing AppCompatCacheParser
- AppCompatCacheParser v0.0.5.1 released
- AppCompatCacheParser v0.0.5.2 released
- ShellBags Explorer 0.6.1 released!
- Introducing RECmd!
- RECmd 0.6.0.0 released!
- RECmd 0.6.1.0 released!
- Reintroducing Registry Explorer and RECmd!
- RECmd
- Registry Explorer
- Registry Explorer/RECmd 0.7.1.0 released!
- Introducing bstrings, a Better Strings utility!
- bstrings 0.9.0.0 released
- bstrings 0.9.5.0 released
- AmcacheParser: Reducing the noise, finding the signal
- A few updates
- Registry hive basics part 5: Lists
- bstrings 0.9.7.0 released
- bstrings 0.9.8.0 released
- XWFIM version 1.5 available!
- Registry Explorer plugin overview
- Registry values starting with a NULL character
- Windows Prefetch parser in C#
- Introducing PECmd!
- PECmd v0.6.0.0 released
- bstrings 0.9.9.0 released!
- bstrings 1.0 released!
- Introducing LECmd!
- LECmd v0.6.0.0 released!
- Jump lists in depth: Understand the format to better understand what your tools are (or aren’t) doing
- Introducing JLECmd!
- PECmd, LECmd, and JLECmd updated!
- LECmd and JLECmd updated
- bstrings v1.1 released!
- AppCompatCacheParser v0.9.0.0 released and some AppCompatCache/shimcache parser testing
- Registry Explorer 0.8.1.0 released!
- Workflow overview
- Let the benchmarks hit the floor: Autopsy vs Encase vs FTK vs X-Ways (in depth testing)
- JLECmd v0.9.6.0 released
- Benchmark followup: Big(ger) data and Raw vs E01
- ShellBags Explorer v0.8.0.0 released!
- ShellBags Explorer 0.9.0.0 released!
- Windows 10 Creators update vs shimcache parsers: Fight!!
- Introducing Timeline Explorer v0.4.0.0
- Timeline Explorer 0.5.0.0 released
- Registry Explorer v0.9.0.0 released!
- ShellBags Explorer 0.9.5.0 released!
- (Am)cache still rules everything around me (part 2 of 1)
- Timeline Explorer 0.6.0 released!
- Introducing SDB Explorer
- Updates to the left of me, updates to the right of me, version 1 releases are here (for the most part)
- Introducing WxTCmd!
- A fluery of updates!
- Introducing MFTECmd!
- MFTECmd v0.2.6.0 released
- Introducing VSCMount
- Everything gets an update, Sept 2018 edition
- MFTECmd 0.3.6.0 released
- Registry Explorer and RECmd 1.2.0.0 released!
- Locked file support added to AmcacheParser, AppCompatCacheParser, MFTECmd, ShellBags Explorer (and SBECmd), and Registry Explorer (and RECmd)
- Introducing KAPE!
- KAPE v0.8.1.0 released!
- KAPE v0.8.2.0 released!
- KAPE 0.8.3.0 released
- Introducing EvtxECmd!!
- KAPE 0.8.6.1 released
- KAPE 0.8.7.0 released!
- KAPE 0.9.2.0 released!