Difference between revisions of "Windows Registry XML"

From Forensics Wiki
Jump to: navigation, search
m
m
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
Currently DFXML uses the [[RegXML]] standard to represent Registry entries.
+
Microsoft's .reg format for representing MS Registry entries has many limitations, such as the inability to represent where registry information physically resides on the disk and the difficulty in representing Unicode. As a result, a variety of approaches have been implemented. Currently DFXML uses the [[RegXML]] standard to represent Registry entries.
 
+
  
 
==See Also==
 
==See Also==
Line 6: Line 5:
  
 
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.  
 
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.  
* [[RegXML]] is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
+
* [[RegXML]] is also a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
 
* [[hivexml]] is a command-line utility that is part of Red Hat's [http://libguestfs.org/ libguestfs] that  converts Registry hives to XML.  
 
* [[hivexml]] is a command-line utility that is part of Red Hat's [http://libguestfs.org/ libguestfs] that  converts Registry hives to XML.  
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.

Latest revision as of 17:14, 15 June 2013

Microsoft's .reg format for representing MS Registry entries has many limitations, such as the inability to represent where registry information physically resides on the disk and the difficulty in representing Unicode. As a result, a variety of approaches have been implemented. Currently DFXML uses the RegXML standard to represent Registry entries.

See Also

There are several open source programs that use XML to represent the Windows Registry:


There is one commercial program that we have found:

  • ComponentSource has a $195 .NET too that allows management, importing and exporting of the registry via XML.