Proposal / Submission Type: Peer Reviewed Paper
Location: Burlington, Vermont
Start Date: 21-5-2009 10:00 AM
Abstract
The Windows Registry stores a wide variety of data representing a host of different user properties, settings and program information. The data structures used by the registry are designed to be adaptable to store these differences in a simple format. In this paper we highlight the existence of a rare data structure that is used to store a large amount of data within the registry hives. We analyse the manner in which this data structure stores its data and the implications that it may have on evidence retrieval and digital investigation. In particular, we reveal that three of the most popular digital investigation suites fail to recognise this structure and do not allow the investigator to view its contents.
Keywords: Windows Registry, Data Structure
Scholarly Commons Citation
Kahvedžić, Damir and Kechadi, Tahar, "Analysis of the ‘Db’ Windows Registry Data Structure" (2009). Annual ADFSL Conference on Digital Forensics, Security and Law. 11.
https://commons.erau.edu/adfsl/2009/thursday/11
Included in: Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Analysis of the ‘Db’ Windows Registry Data Structure