Understanding Registry Concepts

What most users know about the registry is that it is something ugly and complicated that they aren’t supposed to touch for fear of corrupting their system. For most users, that is both sufficient knowledge and good advice. For the network investigator, however, the registry is a vast repository of evidence, and that makes it something that the investigator must understand and be comfortable navigating and searching.

One of the first questions, then, is what is the registry? The Windows registry is a central repository or, more specifically, a hierarchical database of configuration data for the operating system and most of its programs. While creating a convenient central location for this data, it also creates ...
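Because the registry is a hierarchical database, an investigator can treat it like a directory tree: open a key, list its values, then descend into each subkey. The PowerShell script below is an added example, not code from the book; it walks one subtree and reports every value whose name or data matches a regular expression. The default starting key (the per-machine Run key) and the search pattern are assumptions chosen for illustration; an investigator would point it at whatever key the case calls for.

```powershell
# Added example (not from the book). Walks a registry subtree as a tree
# (hive -> key -> subkeys -> values) and reports every value whose name or
# data matches a pattern. $Root and $Pattern are illustrative assumptions.
param(
    [string]$Root    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    [string]$Pattern = '.*'
)

function Search-RegistrySubtree {
    param([string]$Path, [string]$Pattern)

    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey, so
    # value names, data and types can be read straight from it.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }

    foreach ($name in $key.GetValueNames()) {
        $data    = $key.GetValue($name)
        $kind    = $key.GetValueKind($name)
        $display = if ($name -eq '') { '(Default)' } else { $name }
        if ($display -match $Pattern -or "$data" -match $Pattern) {
            [pscustomobject]@{
                Key   = $key.Name      # full path, e.g. HKEY_LOCAL_MACHINE\...
                Value = $display
                Type  = $kind          # REG_SZ, REG_DWORD, ... as an enum
                Data  = "$data"        # arrays (REG_MULTI_SZ) are joined
            }
        }
    }

    # Recurse into subkeys. Keys the current token cannot open are skipped
    # rather than aborting the whole walk.
    foreach ($sub in Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue) {
        Search-RegistrySubtree -Path $sub.PSPath -Pattern $Pattern
    }
}

Search-RegistrySubtree -Path $Root -Pattern $Pattern | Format-Table -AutoSize
```

Run it as `.\Search-Registry.ps1 -Root 'HKCU:\Software' -Pattern 'powershell'` to find, for example, every value under the current user's Software key that mentions PowerShell. Reading the live registry through the provider only sees what the running system exposes; for a dead-box examination the same hierarchy is read from the hive files with a hive parser rather than through `HKLM:` or `HKCU:`.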
