Recovery method for deleted data in registry

A recovery method and technology for deleting data, applied in the field of data security, can solve problems such as inability to recover key-value data, and achieve the effect of wide practicability and multiple usage scenarios

Inactive Publication Date: 2017-03-22
THE THIRD RES INST OF MIN OF PUBLIC SECURITY
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0013] Aiming at the problem that existing registry deletion file recovery technology cannot recover key-value data deleted in the registry, the purpose of the present invention is to provide a data recovery scheme for deleted key-value data in the registry

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific examples.

[0027] When the user is using the operating system, some usage traces, including the record of U disk plugging and unplugging, are stored in the registry file. When the user deletes the software or deletes the key value through the registry API, the data will be deleted. After the data is deleted, it is not really cleared, but a deletion mark is marked to indicate that this piece of data has been deleted. When new data is written, this data area may be overwritten.

[0028] In the above cases, when it is necessary to restore the deleted data for forensics, since the registry file itself has not been deleted, if the traditional file-based deletion recovery method is used, the deleted registry key data cannot be recovered, and this method cannot be appl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a recovery method for deleted data in a registry. The HIVE file of the registry is scanned to identify all deleted key values in the registry, a parent key to which each sub-key belongs is found through the sub-key, and the parent keys are connected to obtain a data linked list. Through the recovery method, the deleted key value data deleted in the HIVE file of the registry can be recovered, and the problem that an existing recovery technology only can carry out data recovery by aiming at a situation that the HIVE file is deleted can be effectively solved.

Description

technical field [0001] The invention relates to data security technology, in particular to a system registry data recovery technology. Background technique [0002] The registry is equivalent to the data files of all 32-bit hardware / drivers and 32-bit applications in the Windows system, and is a database of system information. In the case of system settings and default user configuration data, Windows registry files are multiple files stored in the \system folder\SYSTEM32\CONFIG directory. The content of the file is as follows: [0003] SYSTEM: store computer hardware and system information; [0004] NTUSER.DAT: Store the information selected by the user (this file is placed in the user's personal directory, which is separate from other registry files); [0005] SAM: database of users and passwords; [0006] SECURITY: security setting information; [0007] SOFTWARE: installed software information; [0008] DEFAULT: information about the default startup user; [0009] ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/14G06F17/30
CPCG06F11/1448G06F11/1469G06F16/16
Inventor 吴松洋王旭鹏杜琳熊雄
Owner THE THIRD RES INST OF MIN OF PUBLIC SECURITY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap