Windows Registry XML
From Forensics Wiki
Revision as of 16:12, 24 April 2011 by Simsong
Currently DFXML uses the RegXML standard to represent Registry entries.
There are several open source programs that use XML to represent the Windows Registry:
- registryasxml is a Windows GUI program that exports and imports section of the Windows Registry as XML-foramtted files.
- RegXML is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
- libguestfs contains a program called hivexml which converts Registry hives to XML. (See also http://rwmj.wordpress.com/2009/10/29/hivexget-get-values-from-a-windows-registry-hive/ for information on how to extract individual entries.)
- Tracking Computer Use with the Windows® Registry Dataset, Doug White, NIST.
- The complete set of code and and a WiReD XML difference set for steganographic applications.
There is one commercial program that we have found:
- ComponentSource has a $195 .NET too that allows management, importing and exporting of the registry via XML.