Forensic Analysis of the Windows Registry


Windows 9x/ME, Windows CE and Windows NT/2000/XP/2003 store configuration data in the registry, a central repository for configuration data organised as a hierarchy. The system, users, applications and hardware on a Windows machine all keep their configuration in the registry and consult it constantly while they run.

The registry was introduced to replace most of the text-based configuration files used in Windows 3.x and MS-DOS, such as .ini files, autoexec.bat and config.sys. Because of the vast amount of information stored in the Windows registry, it can be an excellent source of potential evidential data. For instance, the Windows registry contains information on user accounts, typed URLs, network shares, and Run command history. The aspects discussed in this paper are based solely on the Windows XP (Service Pack 2) registry.
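As an added illustration (not code from the paper), the PowerShell script below pulls the four artefact types the abstract names, in the order the registry's own MRUList records them. The key paths are standard Windows locations assumed from general knowledge, not taken from the paper, and the script assumes an elevated PowerShell session on a live system or an offline hive loaded with `reg load`.

```powershell
# Added example, not from the paper: list the registry artefacts the abstract names
# (Run command history, typed URLs, network shares, user accounts) for triage.
# Key paths are standard Windows locations assumed here, not taken from the page.
# Run elevated on a live system, or load an offline hive first, e.g.
#   reg load HKU\Evidence C:\evidence\NTUSER.DAT
# and call the script with -UserRoot 'Registry::HKEY_USERS\Evidence'.
param(
    [string]$UserRoot    = 'HKCU:',
    [string]$MachineRoot = 'HKLM:'
)

# Values of a key, minus the provider's own PS* bookkeeping properties.
function Get-RegValues([string]$Path) {
    if (-not (Test-Path $Path)) { return @() }
    (Get-ItemProperty -Path $Path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
}

# Explorer MRU keys record their order in an MRUList string (most recent first);
# keys without an MRUList are returned as stored.
function Get-MruValues([string]$Path) {
    $vals = @{}
    Get-RegValues $Path | ForEach-Object { $vals[$_.Name] = $_.Value }
    if (-not $vals.ContainsKey('MRUList')) {
        return $vals.GetEnumerator() |
            ForEach-Object { [pscustomobject]@{ Slot = $_.Key; Value = $_.Value } }
    }
    foreach ($ch in ([string]$vals['MRUList']).ToCharArray()) {
        $slot = [string]$ch
        [pscustomobject]@{ Slot = $slot; Value = $vals[$slot] }
    }
}

$explorer = "$UserRoot\Software\Microsoft\Windows\CurrentVersion\Explorer"
'== Run command history (RunMRU) =='
Get-MruValues "$explorer\RunMRU" | Format-Table -AutoSize
'== Mapped network drive history =='
Get-MruValues "$explorer\Map Network Drive MRU" | Format-Table -AutoSize
'== Typed URLs (Internet Explorer; url1 is the most recent) =='
Get-RegValues "$UserRoot\Software\Microsoft\Internet Explorer\TypedURLs" |
    Sort-Object { [int]($_.Name -replace '\D', '') } |
    Select-Object Name, Value | Format-Table -AutoSize
'== Shares this machine offers (LanmanServer) =='
Get-RegValues "$MachineRoot\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares" |
    Select-Object Name, @{ n = 'Definition'; e = { $_.Value -join ' ' } } |
    Format-Table -AutoSize
'== User profiles known to this machine (ProfileList) =='
Get-ChildItem "$MachineRoot\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ SID = $_.PSChildName; Profile = (Get-ItemProperty $_.PSPath).ProfileImagePath } } |
    Format-Table -AutoSize
```

Querying a live system touches the hives you are examining, so for evidential work run it against a loaded copy of the hive rather than the original machine.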

Linked by shanmuga Saturday, 15th April 2006 10:00PM