As you can see the Registry contains information that is not only vital to the use of the operating system, but also essential in allowing you to customize Windows to your particular tastes. The registry is a key component of the Windows operating system. It is so important, that without it, Windows would not even run. When a new piece of hardware or software is installed in Windows, it stores its configuration into the Registry. This allows Windows to retrieve that information at later dates such as when it is starting up.

Modify Values & Data In A
Registry Key

To access it, simply type Regedit in Start Menu Search Bar and hit Enter. HKEY_CURRENT_USER (HKCU) -This Hive contains the preferences and configuration for the particular user who is currently logged in. This Hive is linked to the HKLM Hive.HKEY_DYN_DATA (HKDD) -This Hive is found only on Windows 95/98/ME. It contains information about hardware Plug and Play. This Hive is linked to the HKLM Hive.Keys – Keys are an organizational unit in the Registry.

Keys are containers that can either contain values or further subkeys. Keys are similar to folders in that they can contain further subkeys or the file, or what we call values in the Registry. The registry, though, is not only for operating system settings.

There is also information which is specific to the operating system and hardware, such as type of bus, total size of available memory, list of currently loaded device drivers and information about Windows startup. This key stores the largest ammount of information in the registry and is often used for fine-tuning the hardware configuration of the computer. Information stored in this key is valid for all profiles of registered users. These files are database files, and only RegEdit, Regedit32 and the Kernel32 can read them. The primary tool in Windows 10/8/7 for working directly with the registry is Registry Editor.

  • This paper presents a proposed framework for digital crime investigation based on Fuzzy logic.
  • Fortunately, in Windows Operating systems, all users’ transactions are stored in a central point which is known as Windows Registry.
  • It stores all hardware and software configurations, user activities, and transactions.
  • Therefore, digital forensics based on Windows registry is considered as a hot research field.
  • These data stored in unnoticeable tiny devices such as USB sticks which may lead to a muddled decision because of the tediousness of the investigation.

User preferences and application settings are stored in the Registry as well. When you change your desktop background or screen saver, these details are stored in the Registry.

What Is Windows Registry? [Minitool Wiki]

Now when you shutdown Windows and start it up again at a later date, your preferences are available and loaded automatically. Application settings such as what directory you would like to download files to or what your default font is in a word processor are stored here as well.

Differences Between The Win95 And Win98 Registry

The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is accessible in both locations. On Windows-NT based systems, each user’s settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own Documents and Settings subfolder (or their own Users subfolder in Windows Vista). Settings in this hive follow users with a roaming profile from machine to machine. This key stores information about installed applications, settings, and drivers.