The Windows Registry: Part 1 - Introduction to the Windows Registry

 

The Windows Registry is a hierarchical database within which Windows stores system, hardware, software, and user settings and configurations. Since it is the central repository of such information, a proper understanding of the Registry is essential for a forensics investigator analyzing a Windows machine.

This module begins our three part discussion on the Windows Registry. Here we provide a brief introduction to the Registry by discussing its components, layout, and some examples of interesting Registry contents. The module also discusses the Windows Registry Editor, the tool which Windows provides to access and modify the Registry.

 

By: Moshe Caplan

Note: The paths are from a Windows 7 machine.

1. What is your computer's name?
Hint: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
2. What timezone are you in?
Hint: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
2. What are some programs started when your machine is booted?
Hint: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. What are some applications installed on your computer?
Hint: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
4. What USB devices have been plugged into your computer?
Hint: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR


You must Sign-In to post a comment.