Dark Developments Where Knowledge Meets Power

28Sep/110

RECOVERY – Offline Registry Viewer

Posted by Dark#Basics

When installing a computer that needs to replace another one it is handy to know the old PC name, background, licence keys, etc. All these things and more can be found in the registry even when you use the hard drive as slave to copy some personal data. The registry files of the old host can be opened with an Offline Registry Viewer.

A free tool that I found was Windows Registry Analyzer

In addition some information about the local of the different registry files.

Windows NT-based systems store the registry in a binary hive format which can be exported, loaded and unloaded by the Registry Editor in these operating systems. The following system Registry files are stored in %SystemRoot%\System32\Config\:

- SAM - HKEY_LOCAL_MACHINE\SAM
- Security – HKEY_LOCAL_MACHINE\SECURITY
- Software – HKEY_LOCAL_MACHINE\SOFTWARE
- System – HKEY_LOCAL_MACHINE\SYSTEM
- Default – HKEY_USERS\.DEFAULT
- %UserProfile%\NTuser.dat - HKEY_USERS\<User SID> (HKEY_CURRENT_USER)
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\Usrclass.dat or (Vista+) %UserProfile%\AppData\Local\Microsoft\Windows\Usrclass.dat  – HKEY_USERS\<User SID>_Classes (HKEY_CURRENT_USER\Software\Classes)

Filed under: Recovery No Comments