Difference between revisions of "Windows Registry XML"

From Forensics Wiki
Jump to: navigation, search
m
m
Line 7: Line 7:
 
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.  
 
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.  
 
* [[RegXML]] is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
 
* [[RegXML]] is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
* [http://libguestfs.org/ libguestfs] contains a program called hivexml which converts Registry hives to XML. (See also http://rwmj.wordpress.com/2009/10/29/hivexget-get-values-from-a-windows-registry-hive/ for information on how to extract individual entries.)
+
* [[hivexml]] is a command-line utility that is part of Red Hat's [http://libguestfs.org/ libguestfs] that  converts Registry hives to XML.  
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].

Revision as of 16:29, 24 April 2011

Currently DFXML uses the RegXML standard to represent Registry entries.


See Also

There are several open source programs that use XML to represent the Windows Registry:


There is one commercial program that we have found:

  • ComponentSource has a $195 .NET too that allows management, importing and exporting of the registry via XML.