Difference between revisions of "Windows Registry XML"

From ForensicsWiki
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
Microsoft's .reg format for representing MS Registry entries has many limitations, such as the inability to represent where registry information physically resides on the disk and the difficulty in representing Unicode. As a result, a variety of approaches have been implemented. Currently DFXML uses the [[RegXML]] standard to represent Registry entries.
 +
 
==See Also==
 
==See Also==
There are several proposals for representing Windows XML Registry entries as XML:
+
There are several open source programs that use XML to represent the Windows Registry:
  
* [[RegXML]] is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
+
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.
* [http://libguestfs.org/ libguestfs] contains a program called hivexml which converts Registry hives to XML. (See also http://rwmj.wordpress.com/2009/10/29/hivexget-get-values-from-a-windows-registry-hive/ for information on how to extract individual entries.)
+
* [[RegXML]] is also a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
* [http://www.componentsource.com/products/componentspace-registry-toolkit-component/prices.html ComponentSource] has a $195 .NET too that allows management, importing and exporting of the registry via XML.
+
* [[hivexml]] is a command-line utility that is part of Red Hat's [http://libguestfs.org/ libguestfs] that  converts Registry hives to XML.  
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
 +
 +
 +
There is one commercial program that we have found:
 +
* [http://www.componentsource.com/products/componentspace-registry-toolkit-component/prices.html ComponentSource] has a $195 .NET too that allows management, importing and exporting of the registry via XML.
  
  
 
[[Category:Digital Forensics XML]]
 
[[Category:Digital Forensics XML]]
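Review bot: the added [[registryasxml]] bullet has two typos: "exports and imports section of the Windows Registry" should read "sections", and "XML-foramtted" should read "XML-formatted". The relocated ComponentSource bullet still says "a $195 .NET too" where "tool" is meant, and the retained WiReD bullet has a doubled "and and". Separately, the new intro paragraph calls RegXML a standard that DFXML uses, while the added [[RegXML]] bullet describes it as a Windows command-line utility; a short clause saying how the standard and the utility relate would remove the ambiguity.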

Latest revision as of 17:14, 15 June 2013

Microsoft's .reg format for representing MS Registry entries has many limitations, such as the inability to represent where registry information physically resides on the disk and the difficulty in representing Unicode. As a result, a variety of approaches have been implemented. Currently DFXML uses the RegXML standard to represent Registry entries.

See Also

There are several open source programs that use XML to represent the Windows Registry:


There is one commercial program that we have found:

  • ComponentSource has a $195 .NET tool that allows management, importing and exporting of the registry via XML.