The Windows Registry: Part 1 - Introduction to the Windows Registry
The Windows Registry is a hierarchical database within which Windows stores system, hardware, software, and user settings and configurations. Since it is the central repository of such information, a proper understanding of the Registry is essential for a forensics investigator analyzing a Windows machine.
This module begins our three-part discussion of the Windows Registry. Here we provide a brief introduction to the Registry by discussing its components, layout, and some examples of interesting Registry contents. The module also discusses the Windows Registry Editor, the tool that Windows provides to access and modify the Registry.
By: Moshe Caplan
Note: The paths are from a Windows 7 machine.
1. What is your computer's name?
2. What timezone are you in?
3. What are some programs started when your machine is booted?
4. What are some applications installed on your computer?
5. What USB devices have been plugged into your computer?
Further information on this module can be found at the following:
Microsoft Links Discussing the Registry
Other Registry Tutorials
The Registry Editor
Backing Up the Registry
Forensics Analysis of the Registry
Related CyFor Modules
Part 2: Extracting the Registry Hives
Part 3: Registry Forensic Analysis