Windows registry
Windows registry
The Windows registry is essentially a database that contains the computer hardware, software and user settings. It may also contain supporting information depending on the installed product.
The registry contains five hives two of which are root hives. The root hives are HKLM (applies to all users) and HKCU (only applies to individual users). All hives contain keys, subkeys and values.
The local machine and user hives contain “Run Keys”. The keys are named Run and RunOnce and relate to executing a program either when the computer boots up or when a particular user logs in. The locations of the run keys are:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\
An example of “Run Keys” and entries are detailed below:
Additional information…
Microsoft describes the registry as “A central hierarchical database used in Microsoft Windows 98, Windows CE, Windows NT, and Windows 2000 used to store information that is necessary to configure the system for one or more users, applications and hardware devices.”
So they haven’t updated this article in a while then? Click here to go to the Microsoft article in question.
Introduction to Digital Forensics: Malware Analysis and Investigations
Introduction to Digital Forensics: Malware Analysis and Investigations
Reach your personal and professional goals
Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.
Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.
