Windows Registry Editor
The Windows registry refers to a collection of databases that store different types of information and settings for all the hardware, software, users, and preferences related to the system unit. Whenever changes are made to Control Panel settings, file associations, system policies, or installed software, these changes are updated and stored in the Windows registry.
The Windows registry can be accessed, configured, and altered using the registry editor program called "Regedit", which is installed with the operating system. It provides an effective tool for investigation purposes because the registry editor locates entries that can hold traces of evidence.
Structure of Windows Registry Editor
The structure of the Windows registry is an ordered collection of databases that are organized in a hierarchical or tree format. Even though the structure is complex, it looks similar to the Windows folder and file structure.
The structure of the registry mainly comprises three elements, namely hives, keys, and values.
(i) Hive
It is the main folder that contains keys as its subfolders.
(ii) Keys
It is a container object similar to a folder. It contains values or further keys.
(iii) Values
It is a non-container object similar to a file. It contains the actual information that is stored in the registry. Values are of three types, namely String, Binary, and DWORD. These types are used on a context basis.
A user can access the hierarchy of registry keys only from a known root key handle, which is mapped to any one of the following:
- The registry key content is preloaded by the kernel from a stored 'hive'.
- The subkeys content within another root key.
- A registered service or DLL that can allow accessing its subkeys and values.
The registry contains six predefined root keys as mentioned below.
1. HKEY_CLASSES_ROOT
It includes file association information (i.e., file type and file extension) and URL protocol prefix information.
2. HKEY_CURRENT_USER
Contains user preferences (or settings) for the current user of the system.
3. HKEY_LOCAL_MACHINE
Includes settings for the hardware, operating system and software (or installed applications).
4. HKEY_USERS
Contains the user information of the presently logged-on user.
5. HKEY_CURRENT_CONFIG
Stores hardware configuration settings for devices such as displays and printers.
6. HKEY_DYN_DATA
Contains hardware configuration settings, but it is only used in the 9x/Me operating system.
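The hierarchy and value types described above are visible in the text file that Regedit writes when a key is exported. The following Python parser is an added example, not part of the original article; the ExampleApp keys and values are constructed sample data, and only single-line String, DWORD, and Binary values are decoded.

```python
import re

# Constructed sample in the text format Regedit produces on export.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallPath"="C:\\Tools\\ExampleApp"
"RunCount"=dword:0000002a

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp\Settings]
"Flags"=hex:01,00,ff
'''

# The six predefined root keys listed in the article.
ROOT_KEYS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
             "HKEY_USERS", "HKEY_CURRENT_CONFIG", "HKEY_DYN_DATA"}
# "name"=data, or @=data for a key's default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def unescape(s):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r'\\(.)', r'\1', s)

def decode(raw):
    """Return (type, data) for the three value types the article names."""
    if raw.startswith("dword:"):
        return "DWORD", int(raw[6:], 16)
    if raw.startswith("hex:"):
        return "Binary", bytes.fromhex(raw[4:].replace(",", ""))
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return "String", unescape(raw[1:-1])
    return "Other", raw  # typed hex(n): values and the like stay undecoded

def parse_reg(text):
    """Return (root_key, subkey_path, value_name, type, data) per value."""
    root = path = None
    rows = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            root, _, path = line[1:-1].partition("\\")
            if root not in ROOT_KEYS:
                raise ValueError(f"unknown root key: {root}")
            continue
        m = VALUE_RE.match(line)
        if m and root:
            name = "(Default)" if m.group(2) else unescape(m.group(1))
            rows.append((root, path, name, *decode(m.group(3))))
    return rows
```

Calling `parse_reg(SAMPLE_REG)` returns one tuple per value, which makes it easy to compare exported keys from before and after a change during an investigation.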
Uses of Windows Registry
The Windows registry is used for several purposes. Some of these include the following:
1. For storing strongly typed data containing non-ASCII characters. This provides a distinct benefit of incorporating non-Latin characters, specialized symbols, and escape characters into the setting.
2. For enabling multiple users to log in and make use of the workstation.
3. For backing up and restoring system and user configuration information.
4. For providing a key/value interface that does not need any parsing. This allows storing arbitrary data in the registry without requiring any escaping.
5. For allowing multiple threads and processes to access the same registry value at the same time.
6. For performing changes to the registry even after the application hangs or crashes.
DEVICE MANAGER
A device manager can be defined as an entity that will be contacted by an application whenever it needs control (or) access over a device in order to accomplish its tasks. This process of granting device control to an external device is carried out by a device server. For the device server to perform this process of granting device control to a device, it first needs to get registered with a particular device manager. In order to provide their support to the device manager, the device servers follow a unified protocol rather than a device-specific protocol for every device class.
These device classes can be listed out as follows:
1. Videotape recorders (or) players.
2. Audiotape recorders (or) players.
3. Video disk recorders.
4. Automation (or) media management systems.
5. Encoders, decoders, etc.
Hence, depending upon the nature of the devices, they will be placed in one of the above classes. Therefore, this approach helps the device manager to address all the devices using a standard interface.