Difference between revisions of "Windows Registry"

From ForensicsWiki
Jump to: navigation, search
m (added reglookup)
m
Line 15: Line 15:
 
==Tools==
 
==Tools==
 
===Open Source===
 
===Open Source===
* [http://projects.sentinelchicken.org/reglookup/] — "small command line utility for reading and querying Windows NT-based registries."
+
* [http://projects.sentinelchicken.org/reglookup/ reglookup] — "small command line utility for reading and querying Windows NT-based registries."
 
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
 
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
 
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
 
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."

Revision as of 15:13, 18 November 2008

Bibliography

  • Recovering Deleted Data From the Windows Registry. Timothy Morgan, DFRWS 2008 [paper] [slides]
  • [1]

Tools

Open Source

  • reglookup — "small command line utility for reading and querying Windows NT-based registries."
  • regviewer — a tool for looking at the registry.
  • RegRipper — "the fastest, easiest, and best tool for registry analysis in forensics examinations."

Commercial

See Also