Windows Registry

From Forensics Wiki

Revision as of 14:09, 18 November 2008 by .FUF (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Contents

1 Bibliography
2 Tools
- 2.1 Open Source
- 2.2 Commercial
3 See Also

Bibliography

Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [paper] [slides]
[1]

Forensic Analysis of the Windows Registry in Memory, Brendan Dolan-Gavitt, DFRWS 2008 [slides]
Forensic Analysis of the Windows Registry, Peter Davies, Computer Forensics: Coursework 2 (student paper)
A Windows Registry Quick-Reference, Derrick Farmer, Burlington, VT.

The Windows Registry as a forensic resource, Digital Investigation, Volume 2, Issue 3, September 2005, Pages 201--205.

Forensic Analysis of the Windows Registry, Lih Wern Wong , School of Computer and Information Science, Edith Cowan University

The Windows NT Registry File Format, Timothy D. Morgan

Tools

Open Source

[2] — "small command line utility for reading and querying Windows NT-based registries."
regviewer — a tool for looking at the registry.
RegRipper — "the fastest, easiest, and best tool for registry analysis in forensics examinations."

Commercial

See Also

Windows Incident Response Articles on Registry
Windows Registry Information
Wikipedia Article on Windows Registry
Push the Red Button — Articles on Registry

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Windows_Registry&oldid=4499"

Bibliographies

Personal tools

Log in / create account

About forensicswiki.org:

Toolbox