How to scan the registry in a backup copy of Windows?

Page 1 of 2 12 LastLast

  1. pokeefe0001
    Posts : 720
    Win10 x64 Pro - 2 desktops, 2 laptops
       New #1

    How to scan the registry in a backup copy of Windows?


    I have a backup of Windows - a Macrium Reflect image backup - and want to scan the registry in it. I can mount the image copy and access it from Windows but don't know where to go after that. I would like to the NirSoft RegScanner but I don't think it has that capability so I'm willing to use RegEdit if I must.

    I've read a description of doing this with RegEdit, but it sounded like RegEdit would modify the existing registry in order to access the external copy. That makes no sense to me so I suspect I misunderstood, but I don't want to try until I understand the process better.

    And on a related topic, I've used RegScanner for years and feel comfortable with it, but are there better tools? I have no desire to modify the registry from the tool - just scan for and view registry records, and, if needed, create RegEdit input if a modification is needed. (I may be paranoid, but I don't want a 3rd party tool making bulk changes to the registry.)

    Win 10 21H1 (build 19043.1415)
      My Computer
    Quote Quote

  3. MaloK
    Posts : 2,800
    Windows 7 Pro
       New #2

    Hi,

    If you are used to Regscanner, You can use it as you where in Windows PE to load the offline Hives.

    You can also load them the old fashion way with regedit.
      My Computers
    Quote Quote

  4. Bree
    Posts : 31,679
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       New #3

    pokeefe0001 said:
    I have a backup of Windows - a Macrium Reflect image backup - and want to scan the registry in it. I can mount the image copy and access it from Windows but don't know where to go after that...

    Your profile says you have W10 Pro, and Pro includes Hyper-V. Have you ever used a Hyper-V virtual machine? Did you know that you can run a Macrium image as a virtual machine using the viBoot tool? Then you would be free to use any tools you like....

    Macrium viBoot - Create Virtual Machine using Macrium Image
      My Computers
    Quote Quote

  6. pokeefe0001
    Posts : 720
    Win10 x64 Pro - 2 desktops, 2 laptops
    Thread Starter
       New #4

    Bree said:
    ... Have you ever used a Hyper-V virtual machine? Did you know that you can run a Macrium image as a virtual machine using the viBoot tool? Then you would be free to use any tools you like....
    Macrium viBoot - Create Virtual Machine using Macrium Image
    I activated Hyper-V support a couple weeks ago, but have never delved into virtual machines. That includes Macrium's viBoot. I consider such things a bit above my pay grade, but maybe it's time I look into it. (I did consider it earlier today.)
      My Computer
    Quote Quote

  7. SIW2
    Posts : 4,594
    several
       New #5

    A safe way is to copy the hives out of the image into a folder e.g. on your desktop.

    You can then load those hives and search them. You will find default, software and system hives in \windows\system32\config

    Depending what you are looking for some of the info could be in users\yourusername\ntuser.dat ( which is also a hive)

    It is quite easy to load them from the folder on your desktop in regedit or similar and scan with regscan or whatever.
      My Computer
    Quote Quote

  8. Bree
    Posts : 31,679
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       New #6

    pokeefe0001 said:
    I activated Hyper-V support a couple weeks ago, but have never delved into virtual machines. That includes Macrium's viBoot. I consider such things a bit above my pay grade, but maybe it's time I look into it. (I did consider it earlier today.)

    With viBoot you can have a Hyper-V VM set up and running in a couple of minutes, one more if you want it to access the internet. It's so simple I often do it just to verify the integrity of a Macrium image.
      My Computers
    Quote Quote

  9. SIW2
    Posts : 4,594
    several
       New #7

    If you are not sure where to look, you can check hklm\system\currentcontrolset\control\hivelist
    They will be in the corresponding places in your image

    How to scan the registry in a backup copy of Windows?-hivelist1.jpg
      My Computer
    Quote Quote

  10. pokeefe0001
    Posts : 720
    Win10 x64 Pro - 2 desktops, 2 laptops
    Thread Starter
       New #8

    Bree said:
    With viBoot you can have a Hyper-V VM set up and running in a couple of minutes, one more if you want it to access the internet. ...
    You're right. That was painless. It would be nice to figure out how to give one of my USB ports to the VM, but that's for a future date.

    SIW2 said:
    A safe way is to copy the hives out of the image into a folder e.g. on your desktop.
    You can then load those hives and search them. You will find default, software and system hives in \windows\system32\config
    ... It is quite easy to load them from the folder on your desktop in regedit or similar and scan with regscan or whatever.
    I'll give that a try when I get time. I'm not sure I can tell RegScanner to look anywhere other than \windows\system32\config.
      My Computer
    Quote Quote

  12. Bree
    Posts : 31,679
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       New #9

    pokeefe0001 said:
    You're right. That was painless. It would be nice to figure out how to give one of my USB ports to the VM, but that's for a future date.
    If the image is for a machine that has Pro installed, then you can connect in Enhanced Mode.

    Enhanced session mode provides the following new capabilities for Virtual Machine Connection sessions:

    • Display Configuration (dynamically re-size window)
    • Audio redirection
    • Printer redirection
    • Full clipboard support (improved over limited prior-generation clipboard support)
    • Smart Card support
    • USB Device redirection
    • Drive redirection
    • Redirection for supported Plug and Play devices
    Turn On or Off Hyper-V Enhanced Session Mode in Windows 10


    How to scan the registry in a backup copy of Windows?-image.png

    Enhanced mode is not available if the VM is running Windows Home. If so, then add a network adapter to the VM in its Settings, connected to the Default Switch. Then share the usb drive on the host machine. You can connect to the share from within the VM.

    How to scan the registry in a backup copy of Windows?-image.png
      My Computers
    Quote Quote

  13. AddRAM
    Posts : 4,594
    Windows 10 Pro
       New #10

    CCleaner.

    Download CCleaner | Clean, optimize & tune up your PC, free!

    Just run it til there`s nothing left to clear.
      My Computers
    Quote Quote

 

  Related Discussions
How to Enable Automatic Backup of System Registry to RegBack folder when Computer Restarts in Windows 10 Windows 10 used to back up the registry to the RegBack folder when the computer restarts, and created a RegIdleBackup task to manage...
I had problems with this starting my pc from sleep a very long time ago. I no longer sleep my pc, and I hate to leave things "broken" when it can be avoided. (i intend to never reformat this pc ever courtesy of macriums restore to dissimilar...
I recently purchased a laptop with the Win 10 o.s. Will the Erunt program run with Windows 10? I ve used it on XP and 7, but haven't tried it on 10. I d like to find out if it does indeed work before I try installing it. Thank you.
This could be one of the ridiculous post have ever made. But, I have been wondering what will happen if I backup all of the registry keys, reset Windows 10, and then restore the registry keys? Will it affect device driver? Will the device be bricked?
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:59.
Find Us




Windows 10 Forums