- The Windows NT Registry File Format
  (A work in progress to support this tool.)
  http://sentinelchicken.com/research/registry_format/

- Recovering Deleted Data From the Windows Registry
  (The research that is implemented as a PoC in reglookup-recover.)
  http://sentinelchicken.com/research/registry_recovery/

- Petter Nordahl-Hagen. Windows NT registry file format description.
  (The file 'winntreg.txt' included in this distribution is derived from this.)
  http://home.eunet.no/~pnordahl/ntpasswd/WinReg.txt

- Nigel Williams. Much of the same information as provided in 'winntreg.txt',
  but with some code:
  http://www.wednesday.demon.co.uk/dosreg.html

- Some useful information on how Windows reads from and writes to registry
  hives:
  http://www.microsoft.com/technet/archive/winntas/tips/winntmag/inreg.mspx

- Registry key, value, and depth limits:
  http://msdn2.microsoft.com/en-us/library/ms724872.aspx

- Misc references for Windows registry permissions and ownership:
  http://msdn2.microsoft.com/en-gb/library/ms724878.aspx
  http://technet2.microsoft.com/WindowsServer/en/library/86cf2457-4f17-43f8-a2ab-7f4e2e5659091033.mspx?mfr=true
  http://msdn2.microsoft.com/en-gb/library/aa374892.aspx

- ACL/ACE flags information
  http://support.microsoft.com/kb/220167
  http://msdn2.microsoft.com/en-us/library/aa772242.aspx

- Info on SAM hive, syskey, and hash extraction (with tools bkhive and samdump2):
  http://www.studenti.unina.it/~ncuomo/syskey/