Registry analysis

A great deal of activity occurs under the hood of the Windows operating system. One place where this activity occurs is the Windows Registry. The Windows Registry is a database that stores the low-level system settings for the Windows operating system. This includes settings for devices, security, and services, as well as the user account security settings stored in the Security Accounts Manager (SAM).

The registry is made up of two elements. The first is the key. The key is a container that holds the second element, the values. These values hold the specific settings information. The highest-level key is called the root key, and the Windows operating system has six root keys or registry hives, which are located ...
