Difference between revisions of "Windows Registry"

From Forensics Wiki
Jump to: navigation, search
(reglookup, regviewer already mentioned on this page)
m (Open Source)
Line 33: Line 33:
 
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
 
* [http://sourceforge.net/projects/regviewer/ regviewer] — a tool for looking at the registry.
 
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
 
* [http://www.regripper.net/ RegRipper] — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
 +
* [http://search.cpan.org/~jmacfarla/Parse-Win32Registry-0.51/lib/Parse/Win32Registry.pm Parse::Win32Registry] perl module.
 +
 
===Commercial===
 
===Commercial===
 
* [http://www.abexo.com/free-registry-cleaner.htm Abexo Free Regisry Cleaner]
 
* [http://www.abexo.com/free-registry-cleaner.htm Abexo Free Regisry Cleaner]

Revision as of 11:54, 1 January 2010

Contents

Bibliography

File Locations

Windows XP

  • HKEY_USERS: \Documents and Setting\User Profile\NTUSER.DAT
  • HKEY_USERS/DEFAULT: \Windows\system32\config\default
  • HKEY_LOCAL_MACHIN/SAM: \Windows\system32\config\SAM
  • HKEY_LOCAL_MACHINE/SECURITY: \Windows\system32\config\SECURITY
  • HKEY_LOCAL_MACHINE/SOFTWARE: \Windows\system32\config\software
  • HKEY_LOCAL_MACHINE/SYSTEM: \Windows\system32\config\system

Windows 98/ME

  • \Windows\user.dat
  • \Windows\system.dat
  • \Windows\profiles\user profile\user.dat

Tools

Open Source

  • reglookup — "small command line utility for reading and querying Windows NT-based registries."
  • regviewer — a tool for looking at the registry.
  • RegRipper — "the fastest, easiest, and best tool for registry analysis in forensics examinations."
  • Parse::Win32Registry perl module.

Commercial

See Also