How
to supervise the Windows Registry? This article informs you how
to extract useful information from the Windows Registry…
To
supervise the Registry of Windows :
-
Configure
HD Observer for the monitoring of the Registry in the tab "Scan" of the options panel
-
Select
the level of monitoring of Registry :
- Monitoring
of the keys (sufficient when one installs a program for the
first time on a computer)
- Monitoring
the values of the keys (If you made a reinstallment of a
program)
- Monitoring
the data (if you want to see the modifications which events
causes on the data of Registry)
-
Select
the principal keys which you want to monitor, (tab "Scan")
-
HKey_Class_Root
(H CR): for associations and extensions of files
-
HKey_Current_User
(H CU): for the configuration and the parameters of the
current user
-
HKey_Local_Machine
(H LM): for the pilots, the hardware and software configurations
of your computer
-
HKey_Users
(H US): for the configuration and the parameters of all
users of the PC
-
HKey_Current_Config
(H CF): for the current configuration of the material
You
can consult the keys and added values on the Registry in the
tab “uninstallation” of the monitoring panel. In the tab "uninstall", click on "Read" button, then choose a view in the drop-down menu:
• select the view "Keys and Values
of the Registry" for the added keys and values
• the view "the data of Registry" for
the data modifications
-
the
green lines are the lines where modifications took place
-
in
this view you can click on "Extract" button, to see the data modifications in red
