Top

Cluster Computing

Published in:

07-12-2017

Analysis of the structure of hive files and the implementation of pivotal operations for distributed computing environment

Authors: Qing Su, Yihao Tang, Zhanyi Li, Kai Liu, Tianyi Cheng

Published in: Cluster Computing | Special Issue 3/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper provides a thorough analysis of the storage structure of hive files and then proposes a new method for processing hive files independently of the Windows registry API and for achieving direct access. The method has the advantages of high priority and of preserving the computing environment. In particular, it is suitable for occasions when the hive files of the target operating system cannot be copied or directly loaded. This paper also presents a set of algorithms for key operations associated with hive files such as access, deletion, creation, and expansion. These operations are designed to be independent of the Windows API. Third-party developers can develop other specialized applications on the basis of this set of algorithms. A complete hivedit program to carry out the operations described above has been implemented. This program can be executed before loading the operating system with the assistance of the ECM-XDP3 emulator, and the correctness of all the algorithms has been verified.

previous article An improved LLE-based cluster security approach for nonlinear system fault diagnosis

next article The computation on -connectedness index of uncertain graph

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Mbatha, M.P.: Windows registry forensic artifacts. University of Nairobi, School of Computing and Informatics, Shellbags for Computer Security. College of Biological and Physical Sciences (2016)

Kaur, R., Chadha, R.: Comparative analysis of various file formats in HIVE. Int. J. Technol. Comput. 3(6), 135–139 (2017)

Ramani, A., Dewangan, S.K.: Digital forensic identification, collection, examination and decoding of windows registry keys for discovering user activities patterns. Int. J. Comput. Trends Technol. 17(2), 101–111 (2014)CrossRef

Ravi, C., Manoharan, R.: Malware detection using windows API sequence and machine learning. Int. J. Comput. Appl. 43(17), 12–16 (2012)

Luttgens, J.T., Pepe, M., Mandia, K.: Incident Response & Computer Forensics. McGraw-Hill Education Group, New York (2014)

Russinovich, M.E., Solomom, D.A., Ionescu, A.: Windows Internals, 7th edn. Microsoft Press, Redmond (2017)

Morgan, T.D.: The Windows NT Registry File Format. http://www.sentinelchicken.com/research/registry_format/ (2010)

Dolan-Gavitt, B.: Forensic analysis of the Windows registry in memory. Digit. Investig. 5, S26–S32 (2008)CrossRef

Raghavan, S.: Digital forensic research: current state of the art. CSI Trans. ICT 1(1), 91–114 (2013)CrossRef

10.

Thomassen, Jolanta: Forensic Analysis of Unallocated Space in Windows Registry Hive Files. The University of Liverpool, Liverpool (2008)

11.

Khanuja, H.K., Adane, D.S.: Forensic Analysis for Monitoring Database Transactions. In: Proceedings of International Symposium on Security in Computing and Communication. Springer, Berlin, pp. 201–210 (2014)

12.

Khalidi Y.A., Smith, F.J. IV, Talluri, M.: Merging registry keys, U.S. Patent 8 245 035 B2. Aug 14 (2012)

13.

Russinovich, M.: Inside the registry. http://technet.microsoft.com/en-us/library/cc750583.aspx (2017)

14.

Ramani, A., Dewangan, S.K.: Auditing Windows 7 Registry Keys to track the traces left out in copying files from system to external USB Device. Int. J. Comput. Sci. Inf. Technol. 5(2), 1045–1052 (2014)

15.

Patil, D.N., Meshram, B.B.: RegForensicTool: evidence collection and analysis of windows registry. Int. J. Cyber Secur. Digit. Forensics 2, 94–105 (2016)CrossRef

16.

Microsoft: How to recover from a corrupted registry that prevents Windows XP from starting. https://support.microsoft.com/en-us/help/307545/how-to-recover-from-a-corrupted-registry-that-prevents-windows-xp-from. May 13 (2017)

17.

Mauzy Properties, LLC. Registry Tool. http://www.registrytool.com (2013)

18.

Rose City Software, Registry First Aid. http://www.snapfiles.com/get/regfirstaid.html (2013)

19.

Hover Inc. RegSeeker. http://www.snapfiles.com/get/regseeker.html. Sept 05 (2017)

20.

Nir Sofer, RegScanner. http://www.nirsoft.net/utils/regscanner.html. Aug 08 (2017)

21.

Net Security, Registry Decoder: Digital registry forensics. https://www.helpnetsecurity.com/2011/11/03/registry-decoder-digital-registry-forensics/. Nov 3 (2011)

22.

Pranshu Bajpai: Windows Registry Analysis with RegRipper—A ‘Hands-on’ Case Study. http://resources.infosecinstitute.com/windows-registry-analysis-regripper-hands-case-study-2/. Aug 25 (2014)

23.

James Macfarlane: Parse::Win32Registry—Parse Windows Registry Files. http://search.cpan.org/~jmacfarla/Parse-Win32Registry-1.0/lib/Parse/Win32Registry.pm (2012)

24.

ASSET InterTech, ECM-XDP3 Intel JTAG Debugger. https://www.asset-intertech.com/products/sourcepoint-intel-trace (2017)

25.

BreakPoint Software Inc. Hex Workshop. http://www.hexworkshop.com/overview.html (2014)

26.

Alghafli, K.A., Jones, A., Martin, T.A.: Forensic analysis of the Windows 7 Registry. J. Digit. Forensics Secur. Law 5(4), 5–30 (2010)

27.

Bose, R.P.J.C., Srinivasan, S.H.: mRegistry: a registry representation for fault diagnosis. In: Proceedings of International Conference on Intelligent Systems Design and Applications 2005. Isda ’05. Proceedings of the IEEE, pp. 37–42 (2005)

28.

Morgan, T.D.: Recovering deleted data from the Windows registry. Digit. Investig. 5(Suppl. 1), S33–S41 (2008)CrossRef

29.

Tabarno, S.M., Sharma, A.K., Verma, N.: A futuristic digital forensic software framework for analyzing the registry of windows based systems. Softw. Eng. Technol. 5(8), 282–286 (2013)

30.

ASSET InterTech: SourcePoint for Intel and AMD Processors. https://www.asset-intertech.com/eresources/software-debug (2017)

31.

Cui, B., Wang, C., Dong, G., Ma, J.: A program behavior recognition algorithm based on assembly instruction sequence similarity. In: Proceedings of International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 13–20 (2017)

32.

Zhou, Q., Luo, J.: Artificial neural network based grid computing of E-government scheduling for emergency management. Comput. Syst. Sci. Eng. 30(5), 327–335 (2015)

33.

Zhou, Q.: Research on heterogeneous data integration model of group enterprise based on cluster computing. Clust. Comput. 19, 1275 (2016). https://doi.org/10.1007/s10586-016-0580-y CrossRef

34.

Roy, T., Jain, A.: Windows registry forensics: an imperative step in tracking data theft via USB devices. Int. J. Comput. Sci. Inf. Technol. 3(3), 4427–4433 (2012)

Title: Analysis of the structure of hive files and the implementation of pivotal operations for distributed computing environment
Authors: Qing Su
Yihao Tang
Zhanyi Li
Kai Liu
Tianyi Cheng
Publication date: 07-12-2017
Publisher: Springer US
Published in: Cluster Computing / Issue Special Issue 3/2019
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-017-1468-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Special Issue 3/2019

Multi-base multi-UAV cooperative reconnaissance path planning with genetic algorithm

A matching model for plant growth environment based on weighted multi-dimensional tree designed for big data

Self-healing reconfiguration scheme for distribution network with distributed generations based on multi-agent systems

Collective behavior simulation based on agent with artificial emotion

The simulation model on delay time of road accessibility based on intelligent traffic control system

A dynamic clustering based method in community detection

Premium Partner