Project Description: In the Windows operating system, the Registry is a core component that contains significant information useful to a forensic analyst. It is a central, hierarchical database that stores information such as system configuration, installed applications, added hardware devices and user credentials. The Windows Registry is therefore one area where rich information can be found.
The Registry is a binary data structure whose stored values are considered the primary replacement for the configuration and initialization (INI) files used in previous versions of Windows. It is a critical resource for digital forensic investigations.
The project focuses on creating a tool that monitors Registry hives and extracts information based on predefined data. The tool also detects changes made to subtrees, keys and subkeys and their values. A detailed report is shown on the enhanced Registry monitor screen. The project's core idea and initial focus was the development of a tool that concentrates mainly on changes made to the Registry.
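The change detection described above can be illustrated with a snapshot-and-diff approach. The following Python code is an added example, not the project's own tool: it reads a subtree with the standard `winreg` module and compares two snapshots. The `Software\ExampleApp` keys and the sample snapshots are constructed, and the subtree is assumed to be readable by the current user.

```python
REG_SZ, REG_DWORD = 1, 4  # standard Registry value type codes

def take_snapshot(root, path, snap=None):
    """Recursively read a subtree into {key path: {value name: (type, data)}}."""
    import winreg  # Windows only; imported here so the diff runs anywhere
    snap = {} if snap is None else snap
    with winreg.OpenKey(root, path) as key:
        n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
        values = {}
        for i in range(n_values):
            name, data, vtype = winreg.EnumValue(key, i)
            values[name] = (vtype, data)
        snap[path] = values
        children = [winreg.EnumKey(key, i) for i in range(n_subkeys)]
    for child in children:
        take_snapshot(root, f"{path}\\{child}" if path else child, snap)
    return snap

def diff_snapshots(before, after):
    """Return (change, key, value name, old, new) tuples, ordered by key path."""
    changes = []
    for key in sorted(before.keys() | after.keys()):
        old, new = before.get(key), after.get(key)
        if old is None:
            changes.append(("key_added", key, None, None, None))
        elif new is None:
            changes.append(("key_removed", key, None, None, None))
        old, new = old or {}, new or {}
        for name in sorted(old.keys() | new.keys()):
            if name not in old:
                changes.append(("value_added", key, name, None, new[name]))
            elif name not in new:
                changes.append(("value_removed", key, name, old[name], None))
            elif old[name] != new[name]:
                changes.append(("value_changed", key, name, old[name], new[name]))
    return changes

# Constructed sample snapshots (not real system data).
BEFORE = {
    r"Software\ExampleApp": {"Version": (REG_SZ, "1.0"), "Enabled": (REG_DWORD, 1)},
    r"Software\ExampleApp\Old": {},
}
AFTER = {
    r"Software\ExampleApp": {"Version": (REG_SZ, "1.1"), "Enabled": (REG_DWORD, 1)},
    r"Software\ExampleApp\Plugins": {"Path": (REG_SZ, r"C:\Example\plugin.dll")},
}

if __name__ == "__main__":
    for change in diff_snapshots(BEFORE, AFTER):
        print(change)
```

On a Windows host, two calls such as `take_snapshot(winreg.HKEY_CURRENT_USER, r"Software\ExampleApp")` taken at different times can be passed to `diff_snapshots` in place of the constructed samples.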