Today, to most administrators and forensic analysts, the Registry probably looks like the entrance to a dark. The truth is that the Registry is a veritable goldmine of information for both the administrator and the forensics investigator. Besides configuration information, the Windows Registry holds information regarding recently accessed files and considerable information about user activities. The purpose of this article is to provide you with an in-depth understanding of the Windows Registry and the wealth of information it holds.

If you remember back to DOS and early versions of Windows (3.1, 3.11 and so on), configuration information (drivers, settings) for the system was largely managed by several files, specifically autoexec.bat, config.sys, win.ini (on Windows) and system.ini. Various settings within these files determined what programs were loaded and how the system looked and responded to user input. Later versions of Windows replaced these files with the Registry, a central hierarchical database that maintains configuration settings for applications, hardware devices, and users.

When the administrator or forensics expert opens Regedit.exe, he sees a tree-like structure with five root folders, or “hives”. The HKEY_LOCAL_MACHINE hive contains a vast amount of configuration information for the system, including hardware settings and software settings. The HKEY_CURRENT_USER hive is the active, loaded user profile for the currently logged-on user. The HKEY_CLASSES_ROOT hive contains configuration information relating to which application is used to open various files on the system.