
You can browse to a location in the registry and add, rename, and change data, or delete keys and values. You can use Registry Editor, a free registry editing utility included by default in every version of Microsoft Windows, to access and configure the Windows Registry.

It integrates both physical and digital evidence analysis. The purpose of our work is to collect the evidence through some techniques and methods from the Registry. Besides, we reviewed and classified the different types of digital crimes. Editing the registry is very similar to working with files in File Explorer.

This contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user profile. This is also one of many registry hives that we have in the Windows Registry. Software: All third-party software configurations, such as plug and play drivers, are stored here. This subkey contains software and Windows settings linked to the preexisting hardware profile that can be changed by various applications and system installers. This is the registry hive of the Windows Registry which consists of file extension association information, programmatic identifier (ProgID), Interface ID (IID) data, and Class ID (CLSID).

Types Of Information In The Registry

We can access and configure the Windows Registry using the Registry Editor tool; Microsoft includes this free registry editing utility with every version of its Windows operating system. Because every part of the operating system continuously communicates with the Windows Registry, it must be stored in very fast storage. Hence, this database was designed for extremely fast reads and writes as well as efficient storage. That said, storing information in the Windows Registry is an option for software developers.

Windows Registry

The Windows Registry (usually just called the registry) is a collection of databases that are configured in the Microsoft Windows operating systems. For example, when you install a program, a new subkey containing settings such as the program's location, its version, and how to start the program is added to the Windows registry. The registry keys for the default user are stored in the file ntuser.dat within the profile; to add settings for the default user, we would have to load this file as a hive using regedit.

The Windows registry can be considered one of the areas that contain valuable information about the system. Therefore, Windows registry forensics is considered a hot research field. We proposed a new framework for computer forensics based on Windows registry analysis.