Windows Registry

Bibliography

• Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [paper] [slides]

• Forensic Analysis of the Windows Registry in Memory, Brendan Dolan-Gavitt, DFRWS 2008 [slides]
• Forensic Analysis of the Windows Registry, Peter Davies, Computer Forensics: Coursework 2 (student paper)
• A Windows Registry Quick-Reference, Derrick Farmer, Burlington, VT.

Tools

Open Source

• regviewer -- a tool for looking at the registry.
• RegRipper --- "the fastest, easiest, and best tool for registry analysis in forensics examinations."

Commercial

• Abexo Free Regisry Cleaner
• Auslogics Registry Defrag

See Also

• Windows Incident Response Articles on Registry
• Windows Registry Information
• Wikipedia Article on Windows Registry