Analysis of the ‘Db’ Windows Registry Data Structure
Damir Kahvedžić
Centre for Cyber Crime Investigation,
University College Dublin, Ireland,
Tel: +353 1 716 2485
Email: damir.kahvedzic@ucd.ie
Tahar Kechadi
Centre for Cyber Crime Investigation,
University College Dublin, Ireland,
Tel: +353 1 716 2478
Email: tahar.kechadi@ucd.ie
ABSTRACT
The Windows Registry stores a wide
variety of data representing a host of different user
properties, settings and program information. The data
structures used by the registry are designed to be adaptable to
store these differences in a simple format. In this paper we
will highlight the existence of a rare data structure that is
used to store a large amount of data within the registry hives.
We analyse the manner in which this data structure stores its
data and the implications that it may have on evidence retrieval
and digital investigation. In particular, we reveal that
three of the most popular digital investigation suites fail to
recognise this structure and do not allow the investigator to
view the contents of the structure.
Keywords: Windows Registry, Data Structure