Where does Windows Vista store registry data on the hard drive?

windows-registry data-recovery windows-vista

If you can believe it, a program I've been using for several years saves its data using the Windows registry!

I need to recover this data from a backup drive.

Where does Windows Vista store registry information on the hard drive?

I've looked in C:\Windows\system32\config but I've seem to hit a dead end here. Here's the contents of that directory:

256K May 31  2008 BCD-Template
 37K May 31  2008 BCD-Template.LOG
  0B Nov  2  2006 BCD-Template.LOG1
  0B Nov  2  2006 BCD-Template.LOG2
 30M Jun 30 15:04 COMPONENTS
1.0K Dec 21  2006 COMPONENTS.LOG
256K Jun 30 15:04 COMPONENTS.LOG1
  0B Nov  2  2006 COMPONENTS.LOG2
8.0K Nov  2  2006 COMPONENTS.SAV
512K Jun 30 15:04 DEFAULT
1.0K Dec 21  2006 DEFAULT.LOG
256K Jun 30 15:04 DEFAULT.LOG1
  0B Nov  2  2006 DEFAULT.LOG2
 20K Nov  2  2006 DEFAULT.SAV
  0B Nov  2  2006 Journal/
8.0K Jun 21 09:36 RegBack/
256K Jun 30 07:57 SAM
1.0K Dec 21  2006 SAM.LOG
256K Jun 30 07:57 SAM.LOG1
  0B Nov  2  2006 SAM.LOG2
256K Jun 30 15:04 SECURITY
1.0K Dec 21  2006 SECURITY.LOG
256K Jun 30 15:05 SECURITY.LOG1
  0B Nov  2  2006 SECURITY.LOG2
8.0K Nov  2  2006 SECURITY.SAV
 39M Jun 30 15:04 SOFTWARE
1.0K Dec 21  2006 SOFTWARE.LOG
256K Jun 30 15:05 SOFTWARE.LOG1
  0B Nov  2  2006 SOFTWARE.LOG2
9.7M Nov  2  2006 SOFTWARE.SAV
 17M Jun 30 15:04 SYSTEM
1.0K Dec 21  2006 SYSTEM.LOG
256K Jun 30 15:04 SYSTEM.LOG1
  0B Nov  2  2006 SYSTEM.LOG2
1.7M Nov  2  2006 SYSTEM.SAV
4.0K Sep 22  2008 TxR/
4.0K Jun 30 07:58 systemprofile/

I'm looking for HKEY_CURRENT_USER/Software/...


The HKCU hive is held in NTUSER.DAT (or a similar filename) under the profile's directory:

C:\Users\<NAME>\Ntuser.dat

You can enable viewing system files or when opening the file in regedit select HKEY_LOCAL_MACHINE, Go to File » Load Hive, Browse to C:\Users\<NAME>, Type Ntuser.dat into the file name box and select Open.


You are in the right directory, the registry hives are the files with no file extensions, with the exception of HKCU, which is the NTUSER,dat file

http://ezinearticles.com/?Windows-XP-Registry-Files-Revealed---Structure-And-Location&id=763552

In the registry, there are hives that correspond to several files. Hives are a collection of keys, subkeys and values that contain the configurations for the operating system and programs. In the registry, there are 5 groups: HKEY_CLASSES_ROOT(HKCR), HKEY_CURRENT_USER(HKCU), HKEY_LOCAL_MACHINE(HKLM), HKEY_USERS(HKU), and HKEY_CURRENT_CONFIG(HKCC).

For the corresponding hives, you will see several types of extensions: no extension, .alt, .log, and .sav.

No Extension: The complete registry hive

.alt: An alternate copy of the registry hive

.log: A log of changes that have occurred within the registry hive

.sav: This is an automatic backup created from when a setup or program installation occurs.

Here are the corresponding files:

HKCC: System, System.alt, System.log, System.sav

HKCU: Ntuser.dat, Ntuser.dat.log

HKLMSAM: Sam, Sam.log, Sam.sav

HKLMSecurity: Security, Security.log, Security.sav

HKLMSoftware: Software, Software.log, Software.sav

HKLMSystem: System, System.alt, System.log, System.sav

HKU.DEFAULT: Default, Default.log, Default.sav

Related

Disable S.M.A.R.T. in Windows 7?
Virtualbox: Raw linux partition not booting
Editing the /etc/launchd.conf file in OS X
How to install Emacs (Text editor) on ubuntu Linux
What does "com.developer.application" mean?
How can I backup a Ubuntu system and restore it on another maching with completely different hardware?
Securing my wireless network
How to start a group chat in Google Talk client?
Setting file creation date in Mac OS X
Windows 7 setup hangs after "Starting Windows..."-screen
how to set automatic NTFS LZX compression on new files
How can I convert an OpenOffice document to PDF from the Linux command line?