| 1 | - The Windows NT Registry File Format
|
|---|
| 2 | (A work in progress to support this tool.)
|
|---|
| 3 | http://sentinelchicken.com/research/registry_format/
|
|---|
| 4 |
|
|---|
| 5 | - Recovering Deleted Data From the Windows Registry
|
|---|
| 6 | (The research that is implemented as a PoC in reglookup-recover.)
|
|---|
| 7 | http://sentinelchicken.com/research/registry_recovery/
|
|---|
| 8 |
|
|---|
| 9 | - Petter Nordahl-Hagen. Windows NT registry file format description.
|
|---|
| 10 | (The file 'winntreg.txt' included in this distribution is derived from this.)
|
|---|
| 11 | http://home.eunet.no/~pnordahl/ntpasswd/WinReg.txt
|
|---|
| 12 |
|
|---|
| 13 | - Nigel Williams. Much of the same information as provided in 'winntreg.txt',
|
|---|
| 14 | but with some code:
|
|---|
| 15 | http://www.wednesday.demon.co.uk/dosreg.html
|
|---|
| 16 |
|
|---|
| 17 | - Some useful information on how Windows reads from and writes to registry
|
|---|
| 18 | hives:
|
|---|
| 19 | http://www.microsoft.com/technet/archive/winntas/tips/winntmag/inreg.mspx
|
|---|
| 20 |
|
|---|
| 21 | - Registry key, value, and depth limits:
|
|---|
| 22 | http://msdn2.microsoft.com/en-us/library/ms724872.aspx
|
|---|
| 23 |
|
|---|
| 24 | - Misc references for windows registry permissions and ownership:
|
|---|
| 25 | http://msdn2.microsoft.com/en-gb/library/ms724878.aspx
|
|---|
| 26 | http://technet2.microsoft.com/WindowsServer/en/library/86cf2457-4f17-43f8-a2ab-7f4e2e5659091033.mspx?mfr=true
|
|---|
| 27 | http://msdn2.microsoft.com/en-gb/library/aa374892.aspx
|
|---|
| 28 |
|
|---|
| 29 | - ACL/ACE flags information
|
|---|
| 30 | http://support.microsoft.com/kb/220167
|
|---|
| 31 | http://msdn2.microsoft.com/en-us/library/aa772242.aspx
|
|---|
| 32 |
|
|---|
| 33 | - Info on SAM hive, syskey, and hash extraction (with tools bkhive and samdump2):
|
|---|
| 34 | http://www.studenti.unina.it/~ncuomo/syskey/
|
|---|
