Difference between revisions of "Windows Registry XML"

From ForensicsWiki
Jump to: navigation, search
m
(See Also: Note ambiguity)
(4 intermediate revisions by one other user not shown)
Line 1: Line 1:
 +
Currently DFXML uses the [[RegXML]] standard to represent Registry entries.
 +
 +
 
==See Also==
 
==See Also==
There are several proposals for representing Windows XML Registry entries as XML:
+
There are several open source programs that use XML to represent the Windows Registry:
  
* [[RegXML]] is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
+
* [[registryasxml]] is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.
* [http://libguestfs.org/ libguestfs] contains a program called hivexml which converts Registry hives to XML. (See also http://rwmj.wordpress.com/2009/10/29/hivexget-get-values-from-a-windows-registry-hive/ for information on how to extract individual entries.)
+
* [[RegXML]] is also a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
* [http://www.componentsource.com/products/componentspace-registry-toolkit-component/prices.html ComponentSource] has a $195 .NET too that allows management, importing and exporting of the registry via XML.
+
* [[hivexml]] is a command-line utility that is part of Red Hat's [http://libguestfs.org/ libguestfs] that  converts Registry hives to XML.  
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/Documents/aafs2008/dw-1-AAFS-2008-wired.pdf Tracking Computer Use with the Windows® Registry Dataset], Doug White, NIST.
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
 
* [http://www.nsrl.nist.gov/WIRED/WIRED-060511.iso The complete set of code and and a WiReD XML difference set for steganographic applications].
  
  
[[Category:XML Forensics]]
+
There is one commercial program that we have found:
 +
* [http://www.componentsource.com/products/componentspace-registry-toolkit-component/prices.html ComponentSource] has a $195 .NET too that allows management, importing and exporting of the registry via XML.
 +
 
 +
 
 +
[[Category:Digital Forensics XML]]

Revision as of 19:34, 15 March 2012

Currently DFXML uses the RegXML standard to represent Registry entries.


See Also

There are several open source programs that use XML to represent the Windows Registry:


There is one commercial program that we have found:

  • ComponentSource has a $195 .NET too that allows management, importing and exporting of the registry via XML.