Presentation is loading. Please wait.

Presentation is loading. Please wait.

Registry Analysis What is it? What does it contain?

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Registry Analysis What is it? What does it contain?"— Presentation transcript:

1 Registry Analysis What is it? What does it contain?

2 Objectives Logical and physical structure of the Registry Format of Registry files Examination of the Registry Forensically important keys Analyzing Registry information

3 The Registry Hierarchal database Maintains configuration settings –Applications –Hardware –Devices –Users

4 Registry Access Regedit.exe – A “GUI” interface to the Registry Native to XP and above NT and 2000 has regedit.exe but with limited capablities

5 Physical Structure Binary files Stored in RAM and hard drive Limited data types

6 File Locations

7 Registry Data Types Series of nested arrays designed to store a list of resources A list of resources used by a physical HW device A list of HW resources used by a device driver

8 Logical Structure Highest Level My Computer Contains Five Root Hives Each Hive consists of Keys Each key has a set of triples Subkeys

9 Root Hives HKEY_USERS Contains all the actively loaded user profiles for the system HKEY_CURRENT_USER Is the active, loaded user profile currently logged on HKEY_LOCAL_MACHINE Contains configuration information for the system both HW and SW

10 Root Hives (cont’d) HKEY_CURRENT_CONFIG Contains the hardware profile the system uses at startup HKEY_CLASSES_ROOT Contains configuration information for which apps open which files

11 Five Root Hives

12 HKEY_USERS User Profiles

13 HKEY_CURRENT_USER Logged on user profile

14 Current User One of those listed in HKEY_USERS

15 HKEY_LOCAL_MACHINE HW and SW Configs

16 HKEY_CURRENT_CONFIG Startup Profile

17 HKEY_CLASSES_ROOT Application to File Mapping This hive is subclassed to HKCU\Software\Classes HKLM \Software\Classes

18 Registry Cell Types Key cell Key info, offsets to subkeys and LastWrite time Value cell Holds a value/name and its data Subkey list cell Series of subkey offsets Value list cell Series of offsets to value cells

19 Registry Structure Keys Subkeys Values Type Data

20 Raw Registry File Key Cell Value Cell

21

Download ppt "Registry Analysis What is it? What does it contain?"

Similar presentations

Working with the Windows Registry Computer Club of the Sandhills November 12, 2012.

Working with the Windows Registry Computer Club of the Sandhills November 12, 2012.
Your Friend and Mine The Windows Registry. What is the Registry? ► Think of as a giant 411 switchboard ► Simple idea of centralized one-stop shopping.

Your Friend and Mine The Windows Registry. What is the Registry? ► Think of as a giant 411 switchboard ► Simple idea of centralized one-stop shopping.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 3 Configuring the Windows Server 2008 Environment.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 3 Configuring the Windows Server 2008 Environment.
Configuration Files CGS2564. DOS Config.sys Device drivers Memory configuration Autoexec.bat Run programs, DOS commands, etc. Environment settings File.

Configuration Files CGS2564. DOS Config.sys Device drivers Memory configuration Autoexec.bat Run programs, DOS commands, etc. Environment settings File.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Unit 3 IT278 Network Administration Course Name – IT278 Network Administration Instructor.

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Unit 3 IT278 Network Administration Course Name – IT278 Network Administration Instructor.
Mastering Windows Network Forensics and Investigation Chapter 8: The Registry Structure.

Mastering Windows Network Forensics and Investigation Chapter 8: The Registry Structure.
The Windows Registry Adapted from

The Windows Registry Adapted from
Chapter 3: Configuring the Windows Vista Environment.

Chapter 3: Configuring the Windows Vista Environment.
Registry Structure What is it? What does it contain?

Registry Structure What is it? What does it contain?
A+ Guide to Managing and Maintaining Your PC, 7e Chapter 14 Optimizing Windows.

A+ Guide to Managing and Maintaining Your PC, 7e Chapter 14 Optimizing Windows.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.

Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.
Application Repackaging - Naushad Ali T Doddamani.

Application Repackaging - Naushad Ali T Doddamani.
Chapter 11 Basic Windows and Windows Commands. Overview of what an Operating System does To identify and use common desktop and home screen icons To manipulate.

Chapter 11 Basic Windows and Windows Commands. Overview of what an Operating System does To identify and use common desktop and home screen icons To manipulate.
Windows 9x Graphical Interface on DOS. Goals for Today Install Windows 98SE Install/Load Device Drivers Explore options, tools, configuration Network.

Windows 9x Graphical Interface on DOS. Goals for Today Install Windows 98SE Install/Load Device Drivers Explore options, tools, configuration Network.
A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 5 Optimizing Windows.

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 5 Optimizing Windows.
Operating System & Application Files BACS 371 Computer Forensics.

Operating System & Application Files BACS 371 Computer Forensics.
Working with the Windows XP Registry

Working with the Windows XP Registry
OS and Application Files BACS 371 Computer Forensics.

OS and Application Files BACS 371 Computer Forensics.
A+ Guide to Managing and Maintaining Your PC, 7e

A+ Guide to Managing and Maintaining Your PC, 7e

Similar presentations

Ads by Google