Friday, November 30, 2007

Registry Repository Project....

Well, now that I am back from holiday and have waded through all the e-mails and voice mails, I can finally try to get something out here.

For anyone who has not followed the comments on Harlan's blog for Pimp my Registry: I have volunteered to create a database for a registry repository. I have created an initial ERD diagram and was wondering if all you readers out there would take a look at it and see if there is any information that I have missed. I tried to keep the names informative, so that is why they seem long. The PDF can be found here. A description of the fields can be found here.

The group_app table will define what type of investigation you may want to do, e.g. CP, Fraud, IR, etc. The category_table will define the type of categories the apps fall into, e.g. P2P, Internet, Security, etc. I also tried to think ahead and added the tables to be used for parameter files (INI and config files) and any notable files that might be used within an application. I have also added a user table because I think it is important that whoever submits entries to be added can be contacted to ask questions about them. This will also provide some ownership of the data.

I have also thought of a few other things to add, but I would like the public's opinion. Do the following fields add value to the Registry_Info table?

Key_created_on_Install - was the key created on installation of the app, or created later?

Format of data - Unicode, ROT13, etc.

Are there any other additions anyone thinks should be added?

The main goal of this project is to collect this information into one source and then export it from that source into usable files (parameter files, XML, HTML, CSV, etc.) that can be used with other programs, as well as with the programs I have written to read/parse the registry into a database and report on it.

Hopefully this all makes sense to you.

As always: questions/comments/thoughts/modifications?

8 comments:

Harry Parsonage said...

Sounds like a good project. I'm not sure about the Category_App table though; Fraud, say, could involve any sort of app, so I have difficulty in seeing how such a table would have any real practical use.

Are you envisaging someone producing some sort of simple software tool that you could point to a particular key to export the key name/values in the required format? Otherwise it would be pretty tedious to input. Or having the capability to import .reg or other such files?

regards

Mark McKinnon said...

Harry,

The category_app portion was so that you could correlate all the registry keys that were involved in a fraud case, for example. So if you wanted to see what types of registry keys might be useful in a fraud investigation, this would show you. The group_app is the same type. Now, certain keys will be defined to different categories and groups, so there will be some overlap; that is why there is the App_Registry_Info table, to keep all the data in 3rd normal form (for all you DB people out there).

As for the software, I plan on having a GUI program to insert/update/delete/view the information and also a program that will output the data into many different formats.

HTH.

Mark
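To make the schema discussed in the post and in the reply above concrete, here is an added illustration in Python with SQLite (not the project's own ERD or code): the group_app, category, Application_Info, Registry_Info, user and App_Registry_Info tables from the post, with App_Registry_Info as the join table so that one key can be tied to several apps and investigation groups without repeating rows (the 3rd normal form point in the reply). The proposed Key_created_on_Install and Format of data fields are included on Registry_Info. Column names beyond those named on the page, the sample applications, keys and the submitter row are all constructed assumptions; the CSV and XML exporters stand in for the "output the data into many different formats" program.

```python
"""Sketch of the registry repository schema (added example; column names and
sample rows beyond those named on the page are assumptions/constructed)."""
import csv
import io
import sqlite3
import xml.etree.ElementTree as ET

SCHEMA = """
CREATE TABLE user_info (                 -- who submitted an entry, so they can be contacted
    user_id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL);
CREATE TABLE group_app (                 -- investigation type: CP, Fraud, IR, ...
    group_id INTEGER PRIMARY KEY, group_name TEXT NOT NULL UNIQUE);
CREATE TABLE category (                  -- application category: P2P, Internet, Security, ...
    category_id INTEGER PRIMARY KEY, category_name TEXT NOT NULL UNIQUE);
CREATE TABLE application_info (
    app_id INTEGER PRIMARY KEY, app_name TEXT NOT NULL,
    category_id INTEGER NOT NULL REFERENCES category(category_id),
    submitted_by INTEGER NOT NULL REFERENCES user_info(user_id));
CREATE TABLE registry_info (
    reg_id INTEGER PRIMARY KEY, key_path TEXT NOT NULL, value_name TEXT,
    data_format TEXT NOT NULL DEFAULT 'ascii',          -- Unicode, ROT13, ...
    key_created_on_install INTEGER NOT NULL DEFAULT 1,  -- 1 = written at install, 0 = later
    description TEXT);
-- Join table: a key may matter to several apps and several groups (3NF, no repeated rows).
CREATE TABLE app_registry_info (
    app_id INTEGER NOT NULL REFERENCES application_info(app_id),
    reg_id INTEGER NOT NULL REFERENCES registry_info(reg_id),
    group_id INTEGER NOT NULL REFERENCES group_app(group_id),
    PRIMARY KEY (app_id, reg_id, group_id));
"""

def build_repository():
    """Create the schema in memory and load constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # enforce the REFERENCES above
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO user_info VALUES (1, 'Example Submitter', 'submitter@example.invalid')")
    conn.executemany("INSERT INTO group_app VALUES (?, ?)", [(1, 'Fraud'), (2, 'IR'), (3, 'CP')])
    conn.executemany("INSERT INTO category VALUES (?, ?)", [(1, 'Internet'), (2, 'P2P')])
    conn.executemany("INSERT INTO application_info VALUES (?, ?, ?, ?)",
                     [(1, 'Example Browser', 1, 1), (2, 'Example P2P Client', 2, 1)])
    conn.executemany("INSERT INTO registry_info VALUES (?, ?, ?, ?, ?, ?)", [
        (1, r'HKCU\Software\ExampleBrowser\TypedURLs', 'url1', 'unicode', 0, 'URLs typed by the user'),
        (2, r'HKCU\Software\ExampleP2P\SharedFolders', 'Path', 'unicode', 1, 'Folders shared to the network'),
        (3, r'HKCU\Software\ExampleBrowser\Install', 'Version', 'ascii', 1, 'Version string written at install')])
    # The same key (reg 1) is tagged for both Fraud and IR without duplicating registry_info.
    conn.executemany("INSERT INTO app_registry_info VALUES (?, ?, ?)",
                     [(1, 1, 1), (1, 1, 2), (2, 2, 3), (1, 3, 2)])
    conn.commit()
    return conn

COLUMNS = ["app_name", "category", "key_path", "value_name", "data_format", "key_created_on_install"]
QUERY = """
SELECT a.app_name, c.category_name, r.key_path, r.value_name, r.data_format, r.key_created_on_install
FROM app_registry_info ar
JOIN group_app g        ON g.group_id = ar.group_id
JOIN application_info a ON a.app_id = ar.app_id
JOIN category c         ON c.category_id = a.category_id
JOIN registry_info r    ON r.reg_id = ar.reg_id
WHERE g.group_name = ?
ORDER BY a.app_name, r.key_path
"""

def keys_for_group(conn, group_name):
    """All registry keys tagged as relevant to one investigation type (e.g. 'Fraud')."""
    return conn.execute(QUERY, (group_name,)).fetchall()

def export_csv(rows):
    """Flatten query rows to CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(COLUMNS)
    writer.writerows(rows)
    return buf.getvalue()

def export_xml(rows):
    """Same rows as a simple <registry_keys><key>...</key></registry_keys> document."""
    root = ET.Element("registry_keys")
    for row in rows:
        key = ET.SubElement(root, "key")
        for col, val in zip(COLUMNS, row):
            ET.SubElement(key, col).text = str(val)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    db = build_repository()
    ir_rows = keys_for_group(db, "IR")
    print(export_csv(ir_rows))
    print(export_xml(ir_rows))
```

Because app, group and key are separate rows joined through app_registry_info, a correction to a key's path or data format is made once and is reflected in every group's export; adding a new investigation type is one row in group_app plus the join rows, not a copy of the key data.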

TVD said...

Mark,

You've probably already noticed this, but just in case: Under "Application_Info", the field name for Company_Address_2 is misspelled.

Just ran across your site today (from Harlan's blog) and think the repository project is a great idea.
