Uploaded byrochellsamson
PPTX, PDF116 views

RegEdit

RegEdit is a tool that allows users to view and edit the Windows registry. The registry is a database that stores configuration settings for hardware, software, users, and Windows components. It contains important information for the proper functioning of Windows. The registry consists of hierarchical hives that store settings for different components, like the file system, users, currently logged in user, and computer-specific settings. Forensic analysis of the registry can provide valuable evidence because it stores a large amount of system and user data, including details on applications, users, and hardware used on the computer.

Embed presentation

Download to read offline
WHAT IS REGEDIT?
• Is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. • The registry is a database file or presentation that is used by all windows operating systems that followed Win95. • The registry is used by the Windows OS to store hardware and software configuration information, user preferences and setup information. • The correct registry is essential for correct windows performance and functioning, this is why the registry is usually attacked by viruses and other malicious software.
• HKEY_CLASSES_ROOT - The software settings about the file system, shortcut information, information on file associations and other user interface information are stored in this hive. The file association information are essentially used by Windows to invoke the correct program when a file is opened using Windows Explorer. • HKEY_USERS – The configuration settings for each hardware and software item in the computer system, corresponding to each of the users of the computer system are stored in this hive. The information on the user's folders, user's choices of themes, colors and Control Panel settings are stored here as user's profile. This hive has a subkey for each user storing his/her user's profile.
• HKEY_CURRENT_USER - The configuration settings for each hardware and software item in the computer system, corresponding to the currently logged-on user are stored in this hive. This hive is dynamic, i.e. whenever a user logs-on into the system, the settings corresponding to the user are retrieved from the respective subkey of H_KEY_USERS as user profile and stored in this hive. If a currently active item modifies a registry entry in its course of operation, the change will affect only the current user. • HKEY_LOCAL_MACHINE - The configuration settings for hardware and software for all users of the computer are stored in this hive. The information stored here is computer specific and not user specific. • HKEY_CURRENT_CONFIG - The current hardware configuration settings, pointing to HKEY_LOCAL_MACHINE Config are stored in this hive. This hive is dynamic, meaning it is built on the run.
WINDOWS REGISTRY ANALYSIS • Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence . When considering computer forensics, registry forensics plays a huge role because of the amount of the data that is stored on the registry and the importance of the stored data. The extraction of this data is therefore highly important when investigating. • The Windows registry is a central hierarchical database intended to store information that is necessary to configure the system for one or more users, applications or hardware devices . There are four main registry files: System, Software, Security and SAM registry.
• Registry analysis involves: • Extracting information and context from a largely untapped source of data • Extracting relevant information only (Dan Purcell, CEIC 2009) • Knowing the context which creates or modifies Registry data, as that you do find can significantly impact your overall analysis
RegEdit

More Related Content

PPTX
Windows Registry
byprimeteacher32
 
PPTX
Windows Registry Forensics - Artifacts
byMD SAQUIB KHAN
 
PDF
FORENSIC ANALYSIS OF WINDOWS REGISTRY AGAINST INTRUSION
byIJNSA Journal
 
PPTX
Windows Registry analysis with RegRipper
byDetectalix
 
PPTX
Windows registry forensics
byTaha İslam YILMAZ
 
PPT
Registry forensics
byPrince Boonlia
 
PPT
Seminar Topic Registry (M.Tech)
byYashpal Rathore
 
PPTX
software terms powerpoint
byrryyaann96
 
Windows Registry
byprimeteacher32
 
Windows Registry Forensics - Artifacts
byMD SAQUIB KHAN
 
FORENSIC ANALYSIS OF WINDOWS REGISTRY AGAINST INTRUSION
byIJNSA Journal
 
Windows Registry analysis with RegRipper
byDetectalix
 
Windows registry forensics
byTaha İslam YILMAZ
 
Registry forensics
byPrince Boonlia
 
Seminar Topic Registry (M.Tech)
byYashpal Rathore
 
software terms powerpoint
byrryyaann96
 

Similar to RegEdit

PPTX
Registry Forensic
byMD SAQUIB KHAN
 
PPT
Windowsforensics
bySantosh Khadsare
 
PDF
CNIT 152: 12b Windows Registry
bySam Bowne
 
PDF
Windows Registry Analysis
byHimanshu0734
 
PDF
CNIT 152 12 Investigating Windows Systems (Part 2)
bySam Bowne
 
PDF
12 Investigating Windows Systems (Part 2 of 3)
bySam Bowne
 
PPT
Registry Forensics
bySomesh Sawhney
 
PPT
Computer Forensics & Windows Registry
byaradhanalaw
 
PDF
Windows 2000 Registry Little Black Book Nathan Wallace Anthony Sequeira
bybottonweibin
 
PPT
Computer Forensics & Windows Registry
bysomutripathi
 
PPTX
Analysis_of_Registry_in_Cyber_Forensics_Presentation.pptx
byyugaldesktop
 
PDF
FINDING FORENSIC ARTIFACTS FROM WINDOW REGISTRY
bynitinparashar786
 
PPT
Windows xp and registery
byparekhjigarh
 
PDF
Windows Registry Auditing Cheat Sheet ver Oct 2016 - MalwareArchaeology
byMichael Gough
 
PDF
Windows registry troubleshooting (2015)
byJames Konol
 
PDF
CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)
bySam Bowne
 
PDF
CNIT 152: 12 Investigating Windows Systems (Part 2 of 3)
bySam Bowne
 
PPS
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
byClubHack
 
PDF
www.indonezia.net Hacking Windows Registry
byChandra Pr. Singh
 
PDF
Hta f42
bySelectedPresentations
 
Registry Forensic
byMD SAQUIB KHAN
 
Windowsforensics
bySantosh Khadsare
 
CNIT 152: 12b Windows Registry
bySam Bowne
 
Windows Registry Analysis
byHimanshu0734
 
CNIT 152 12 Investigating Windows Systems (Part 2)
bySam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
bySam Bowne
 
Registry Forensics
bySomesh Sawhney
 
Computer Forensics & Windows Registry
byaradhanalaw
 
Windows 2000 Registry Little Black Book Nathan Wallace Anthony Sequeira
bybottonweibin
 
Computer Forensics & Windows Registry
bysomutripathi
 
Analysis_of_Registry_in_Cyber_Forensics_Presentation.pptx
byyugaldesktop
 
FINDING FORENSIC ARTIFACTS FROM WINDOW REGISTRY
bynitinparashar786
 
Windows xp and registery
byparekhjigarh
 
Windows Registry Auditing Cheat Sheet ver Oct 2016 - MalwareArchaeology
byMichael Gough
 
Windows registry troubleshooting (2015)
byJames Konol
 
CNIT 121: 12 Investigating Windows Systems (Part 2 of 3)
bySam Bowne
 
CNIT 152: 12 Investigating Windows Systems (Part 2 of 3)
bySam Bowne
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
byClubHack
 
www.indonezia.net Hacking Windows Registry
byChandra Pr. Singh
 
Hta f42
bySelectedPresentations
 

Recently uploaded

PDF
Road Safety Calendar-2026 Courtesy - IYSO Team India - Safer Indian Roads
byIndian Youth Secured Organisation
 
PDF
Fever & Fragment Uncovering the Plague in The Waste Land
byNidhi Pandya
 
PPTX
What is Epiphany? A Visual introduction to this amazing liturgical season
bySteve Thomason
 
PPTX
Salesforce Spring 26` Release Key Features.pptx
byMehediHasan939830
 
PDF
Harmonising Tertiary Education through XR and AI: Innovative approach in the ...
byTorrens University Australia
 
PPTX
Cultivation Practice of Brinjal in Nepal.pptx
byUmeshTimilsina1
 
PPTX
L5 DRG Pulsed Radiofrequency ablation.pptx
bySandeep Margan
 
PDF
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
PPT
Clotting time - Practical - Hematology Physiology
bykishorkumar396
 
PPTX
Open to All Quiz Final Bagula Pathbhabana.pptx
bySourav Kr Podder
 
PDF
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
PDF
The Industrialisation of Deception: An Analysis of the 2024 Cybercrime Landscape
bykrutivyas2005
 
PPTX
4. Nursery raising of vegetable crops.pptx
byUmeshTimilsina1
 
PPTX
Cultivation Practice of Tomato in Nepal.pptx
byUmeshTimilsina1
 
PDF
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
PPTX
YSPH VMOC Special Report - Measles - The Americas 12-28 2025 .pptx
byYale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
PPTX
Introduction to Mendelian inheritance.pptx
bypramodphirke1
 
PDF
Life-Processes-in-Animals PPT/7TH CLASS NEW NCERT /CURIOSITY SCIENCE /BY K SA...
bySandeep Swamy
 
PPTX
Acid Base Titration First Year B Pharm.pptx
byMs. Ashatai Patil
 
PPTX
Aplastic_Anaemia_PA17.1_Presentation.pptx
byDibyajyoti Prusty
 
Road Safety Calendar-2026 Courtesy - IYSO Team India - Safer Indian Roads
byIndian Youth Secured Organisation
 
Fever & Fragment Uncovering the Plague in The Waste Land
byNidhi Pandya
 
What is Epiphany? A Visual introduction to this amazing liturgical season
bySteve Thomason
 
Salesforce Spring 26` Release Key Features.pptx
byMehediHasan939830
 
Harmonising Tertiary Education through XR and AI: Innovative approach in the ...
byTorrens University Australia
 
Cultivation Practice of Brinjal in Nepal.pptx
byUmeshTimilsina1
 
L5 DRG Pulsed Radiofrequency ablation.pptx
bySandeep Margan
 
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
Clotting time - Practical - Hematology Physiology
bykishorkumar396
 
Open to All Quiz Final Bagula Pathbhabana.pptx
bySourav Kr Podder
 
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
The Industrialisation of Deception: An Analysis of the 2024 Cybercrime Landscape
bykrutivyas2005
 
4. Nursery raising of vegetable crops.pptx
byUmeshTimilsina1
 
Cultivation Practice of Tomato in Nepal.pptx
byUmeshTimilsina1
 
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
YSPH VMOC Special Report - Measles - The Americas 12-28 2025 .pptx
byYale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
Introduction to Mendelian inheritance.pptx
bypramodphirke1
 
Life-Processes-in-Animals PPT/7TH CLASS NEW NCERT /CURIOSITY SCIENCE /BY K SA...
bySandeep Swamy
 
Acid Base Titration First Year B Pharm.pptx
byMs. Ashatai Patil
 
Aplastic_Anaemia_PA17.1_Presentation.pptx
byDibyajyoti Prusty
 

RegEdit

  • 1.
  • 2.
    • Is ahierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. • The registry is a database file or presentation that is used by all windows operating systems that followed Win95. • The registry is used by the Windows OS to store hardware and software configuration information, user preferences and setup information. • The correct registry is essential for correct windows performance and functioning, this is why the registry is usually attacked by viruses and other malicious software.
  • 3.
    • HKEY_CLASSES_ROOT -The software settings about the file system, shortcut information, information on file associations and other user interface information are stored in this hive. The file association information are essentially used by Windows to invoke the correct program when a file is opened using Windows Explorer. • HKEY_USERS – The configuration settings for each hardware and software item in the computer system, corresponding to each of the users of the computer system are stored in this hive. The information on the user's folders, user's choices of themes, colors and Control Panel settings are stored here as user's profile. This hive has a subkey for each user storing his/her user's profile.
  • 4.
    • HKEY_CURRENT_USER -The configuration settings for each hardware and software item in the computer system, corresponding to the currently logged-on user are stored in this hive. This hive is dynamic, i.e. whenever a user logs-on into the system, the settings corresponding to the user are retrieved from the respective subkey of H_KEY_USERS as user profile and stored in this hive. If a currently active item modifies a registry entry in its course of operation, the change will affect only the current user. • HKEY_LOCAL_MACHINE - The configuration settings for hardware and software for all users of the computer are stored in this hive. The information stored here is computer specific and not user specific. • HKEY_CURRENT_CONFIG - The current hardware configuration settings, pointing to HKEY_LOCAL_MACHINE Config are stored in this hive. This hive is dynamic, meaning it is built on the run.
  • 6.
    WINDOWS REGISTRY ANALYSIS •Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence . When considering computer forensics, registry forensics plays a huge role because of the amount of the data that is stored on the registry and the importance of the stored data. The extraction of this data is therefore highly important when investigating. • The Windows registry is a central hierarchical database intended to store information that is necessary to configure the system for one or more users, applications or hardware devices . There are four main registry files: System, Software, Security and SAM registry.
  • 7.
    • Registry analysisinvolves: • Extracting information and context from a largely untapped source of data • Extracting relevant information only (Dan Purcell, CEIC 2009) • Knowing the context which creates or modifies Registry data, as that you do find can significantly impact your overall analysis