ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
On the persistence of deleted windows registry data structures
Full text PdfPdf (393 KB)
Source
Symposium on Applied Computing archive
Proceedings of the 2009 ACM symposium on Applied Computing table of contents
Honolulu, Hawaii
POSTER SESSION: Poster papers table of contents
Pages 895-896  
Year of Publication: 2009
ISBN:978-1-60558-166-8
Authors
Damir Kahvedžić  University College, Dublin, Ireland
Tahar Kechadi  University College, Dublin, Ireland
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 31,   Citation Count: 0
Additional Information:

abstract   references   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1529282.1529476
What is a DOI?

ABSTRACT

Deleted entries in the Windows Registry remain in the hives that contain them but their space is marked as free for future use. In this paper we analyse the fragmentation of these deallocated blocks and how long they persist by surveying a number of hives over a long period of time. We formalise retrieval of data and define 'consistency' with respect to deleted keys. We illustrate how uninstallation programs may inadvertently corrupt the keys they are deleting in the uninstallation process by analysing the keys during the uninstallation of a popular media software suite.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Jerry Honeycutt, Microsoft Windows XP Registry Guide, Microsoft Press, Redmond, WA, 2002
 
2
H. Carvey. The Windows Registry as a forensic resource. Digital Investigation, 2(3): 201--205, 2005.
 
3
Mark Russinovich. Inside the registry. http://technet.microsoft.com/en-gb/library/cc750583.aspx.
 
4
B. D. Registry file format. http://home.eunet.no/pnordahl/ntpasswd/WinReg.txt.visited: 09/May/2008.
Collaborative Colleagues:
Damir Kahvedžić: colleagues
Tahar Kechadi: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player