Difference between revisions of "Windows Registry XML"

From Forensics Wiki
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Currently DFXML uses the [[RegXML]] standard to represent Registry entries.
+
Microsoft's .reg format for representing MS Registry entries has many limitations, such as the inability to represent where registry information physically resides on the disk and the difficulty in representing Unicode. As a result, a variety of approaches have been implemented. Currently DFXML uses the [[RegXML]] standard to represent Registry entries.
 
+
  
 
==See Also==
 
==See Also==
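Review bot: The added introduction says "a variety of approaches have been implemented" without saying approaches to what; name them as XML representations of the Registry so the sentence leads into the RegXML statement that follows it. The same added line writes "MS Registry" where the page title and the list entries write "Windows Registry", so pick one term. It also claims "many limitations" while listing two; either say "several" or list the rest.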
Line 6: Line 5:
  
 
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.  
 
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.  
* [[RegXML]] is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
+
* [[RegXML]] is also a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
* [http://libguestfs.org/ libguestfs] contains a program called hivexml which converts Registry hives to XML. (See also http://rwmj.wordpress.com/2009/10/29/hivexget-get-values-from-a-windows-registry-hive/ for information on how to extract individual entries.)
+
* [[hivexml]] is a command-line utility that is part of Red Hat's [http://libguestfs.org/ libguestfs] that  converts Registry hives to XML.  
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
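Review bot: The replacement hivexml entry drops the rwmj.wordpress.com link on extracting individual entries with hivexget that the removed line carried; keep that link here or confirm the [[hivexml]] page now holds it. In the same added line, "that is part of Red Hat's ... libguestfs that  converts" repeats "that" and contains a double space; "which is part of ... and converts" reads better. In the changed RegXML entry, "is also a" has no antecedent inside the list, so state directly that RegXML names both the standard DFXML uses and this utility. The unchanged context lines still carry "exports and imports section", "XML-foramtted" and "and and", which could be corrected in the same edit.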

Latest revision as of 17:14, 15 June 2013

Microsoft's .reg format for representing MS Registry entries has many limitations, such as the inability to represent where registry information physically resides on the disk and the difficulty in representing Unicode. As a result, a variety of approaches have been implemented. Currently DFXML uses the RegXML standard to represent Registry entries.

See Also

There are several open source programs that use XML to represent the Windows Registry:


There is one commercial program that we have found:

  • ComponentSource has a $195 .NET tool that allows management, importing and exporting of the registry via XML.