Analysis of the structure of hive files and the implementation of pivotal operations for distributed computing environment

Published in: Cluster Computing

Abstract

This paper gives a detailed analysis of the on-disk storage structure of Windows registry hive files and then proposes a method for processing hive files directly, without going through the Windows registry API. Because the method runs before the target operating system is loaded, it operates ahead of any software on the target and leaves the target's computing environment unmodified; this makes it suitable for cases in which the hive files of the target operating system cannot be copied or loaded directly. The paper also presents a set of algorithms for the key operations on hive files (access, deletion, creation and expansion), all designed to be independent of the Windows API, on which third-party developers can build other specialised applications. A complete program, hivedit, implementing these operations has been built. It is executed before the operating system is loaded with the assistance of the ECM-XDP3 JTAG debugger (emulator), and the correctness of all of the algorithms has been verified with it.
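The following Python is an added illustration of the on-disk structure the abstract refers to; it is example code written for this page, not the authors' hivedit program or any of their algorithms. It reads a hive file without the Windows API: it checks the base-block signature, checksum and sequence numbers, walks allocated cells from the root key through lf/lh/li/ri subkey lists to vk values, and builds a small synthetic hive to run on. Field offsets follow the publicly documented regf layout; the key names, value names and data in the sample hive are constructed, and "db" big-data cells and the .LOG1/.LOG2 transaction logs are deliberately not handled.

```python
# Added example: a Windows registry hive (regf) reader independent of the Windows API.
import struct

HBINS_BASE = 0x1000   # cell offsets in nk/vk/list cells are relative to the first hbin
NONE = 0xFFFFFFFF     # "no cell" marker in offset fields
REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4

def regf_checksum(base_block: bytes) -> int:
    """XOR of the first 508 bytes as LE dwords; results 0 and 0xFFFFFFFF are remapped."""
    x = 0
    for (dw,) in struct.iter_unpack("<I", base_block[:0x1FC]): x ^= dw
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(x, x)

class HiveParser:
    def __init__(self, data: bytes):
        self.d = data
        if data[:4] != b"regf": raise ValueError("not a regf hive")
        if struct.unpack_from("<I", data, 0x1FC)[0] != regf_checksum(data):
            raise ValueError("base block checksum mismatch")
        seq1, seq2 = struct.unpack_from("<II", data, 4)
        self.dirty = seq1 != seq2   # unflushed write: replay .LOG1/.LOG2 before trusting hbins
        self.root = struct.unpack_from("<I", data, 0x24)[0]

    def cell(self, off: int) -> bytes:
        pos = HBINS_BASE + off
        size = struct.unpack_from("<i", self.d, pos)[0]   # negative size word means "in use"
        if size >= 0: raise ValueError(f"cell 0x{off:x} is free or corrupt (size {size})")
        return self.d[pos + 4:pos - size]

    def key(self, off: int) -> dict:
        c = self.cell(off)
        if c[:2] != b"nk": raise ValueError("expected nk cell")
        flags = struct.unpack_from("<H", c, 2)[0]
        nsub, _, sublist, _, nval, vallist = struct.unpack_from("<6I", c, 0x14)
        namelen = struct.unpack_from("<H", c, 0x48)[0]
        name = c[0x4C:0x4C + namelen].decode("latin-1" if flags & 0x20 else "utf-16-le")
        return {"name": name, "subkeys": self._subkeys(sublist) if nsub else [],
                "values": self._values(vallist, nval)}

    def _subkeys(self, off: int) -> list:
        if off == NONE: return []
        c = self.cell(off)
        sig, n = c[:2], struct.unpack_from("<H", c, 2)[0]
        if sig not in (b"lf", b"lh", b"li", b"ri"): raise ValueError(f"bad list {sig!r}")
        stride = 8 if sig in (b"lf", b"lh") else 4   # lf/lh carry a 4-byte hint/hash per entry
        offs = [struct.unpack_from("<I", c, 4 + stride * i)[0] for i in range(n)]
        if sig == b"ri":                             # index root: entries are further lists
            return [k for o in offs for k in self._subkeys(o)]
        return [self.key(o) for o in offs]

    def _values(self, off: int, count: int) -> dict:
        if count == 0 or off == NONE: return {}
        out = {}
        for (voff,) in struct.iter_unpack("<I", self.cell(off)[:4 * count]):
            v = self.cell(voff)
            namelen, size, dataoff, vtype, vflags = struct.unpack_from("<HIIIH", v, 2)
            name = v[0x14:0x14 + namelen].decode("latin-1" if vflags & 1 else "utf-16-le")
            # data of <= 4 bytes lives in the offset field; "db" big-data cells are not handled
            raw = v[8:8 + (size & 0x7FFFFFFF)] if size & 0x80000000 else self.cell(dataoff)[:size]
            val = (raw.decode("utf-16-le").rstrip("\0") if vtype in (REG_SZ, REG_EXPAND_SZ)
                   else struct.unpack("<I", raw)[0] if vtype == REG_DWORD else raw)
            out[name or "(Default)"] = (vtype, val)
        return out

def build_sample_hive() -> bytes:
    """Constructed hive: key ROOT\\Run with Start=REG_DWORD 1 and Image=REG_SZ 'C:\\x.exe'."""
    bins = bytearray(b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20))  # one 4 KiB bin
    def cell(payload: bytes) -> int:   # allocate an 8-byte-aligned, in-use cell
        off, size = len(bins), (len(payload) + 4 + 7) & ~7
        bins.extend(struct.pack("<i", -size) + payload.ljust(size - 4, b"\0"))
        return off
    def nk(name, parent, nsub, sublist, nval, vallist, flags):
        return (b"nk" + struct.pack("<H", flags) + bytes(12)            # timestamp, access bits
                + struct.pack("<7I", parent, nsub, 0, sublist, NONE, nval, vallist)
                + struct.pack("<2I", NONE, NONE) + bytes(20)            # security, class, hints
                + struct.pack("<HH", len(name), 0) + name)
    def vk(name, vtype, size, data_or_off):   # vk flag 1 = ASCII ("compressed") name
        return b"vk" + struct.pack("<HIIIHH", len(name), size, data_or_off, vtype, 1, 0) + name
    root = cell(bytes(80))                               # reserved, patched once children exist
    image = "C:\\x.exe\0".encode("utf-16-le")
    vals = cell(struct.pack("<II", cell(vk(b"Start", REG_DWORD, 4 | 0x80000000, 1)),
                            cell(vk(b"Image", REG_SZ, len(image), cell(image)))))
    run = cell(nk(b"Run", root, 0, NONE, 2, vals, 0x20))
    lf = cell(b"lf" + struct.pack("<HI", 1, run) + b"Run\0")
    bins[root + 4:root + 84] = nk(b"ROOT", NONE, 1, lf, 0, NONE, 0x2C)
    free = 0x1000 - len(bins)                            # the unused tail is one free cell
    bins.extend(struct.pack("<i", free) + bytes(free - 4))
    base = bytearray(0x1000)
    struct.pack_into("<4sII", base, 0, b"regf", 7, 7)    # primary == secondary: clean hive
    struct.pack_into("<6I", base, 0x14, 1, 5, 0, 1, root, len(bins))  # v1.5, type, fmt, root, size
    struct.pack_into("<I", base, 0x1FC, regf_checksum(base))
    return bytes(base) + bytes(bins)

def set_sequence_numbers(hive: bytes, primary: int, secondary: int) -> bytes:
    """What any writer must do after changing the base block: update, then re-checksum."""
    h = bytearray(hive)
    struct.pack_into("<II", h, 4, primary, secondary)
    struct.pack_into("<I", h, 0x1FC, regf_checksum(h))
    return bytes(h)
```

Two checks in the parser are the ones a practitioner working on a hive outside the OS should never skip. A base-block checksum mismatch means the header was altered or damaged and the root offset cannot be trusted; unequal primary and secondary sequence numbers mean the last write was not flushed, so the hbins may be inconsistent until the transaction logs are replayed. Conversely, any tool that modifies a hive in place, as the deletion, creation and expansion operations described above must, has to recompute the checksum after every base-block change, which `set_sequence_numbers` shows; otherwise the kernel will reject the hive at boot.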


Acknowledgements

This work was supported in part by the Natural Science Foundation of China under Grant 61273118, Guangdong Science and Technology Program of China under Grant No. 2017A040405050, and Guangzhou High-Tech Developmental Plan 201604016041.

Author information

Correspondence to Zhanyi Li.


Cite this article

Su, Q., Tang, Y., Li, Z. et al. Analysis of the structure of hive files and the implementation of pivotal operations for distributed computing environment. Cluster Comput 22 (Suppl 3), 5675–5689 (2019). https://doi.org/10.1007/s10586-017-1468-1
