WARNING: This post involves playing around with your operating system’s registry. You use this information at your own risk. For other warnings, please see the disclaimer.
Recently, I had to recover some data from another computer which had crashed and the only thing I had left was its hard drive.
While this is a fairly common occurrence, what made this unusual for me was some of the information I needed was in that computer’s registry.
While I’m familiar with access the local machine’s registry as well as a remote machine’s registry, I wasn’t familiar with accessing the registry files directly from a disk. Here’s how you do it:
1. Open your Registry Editor
Click your Windows icon, type “regedit” and select regedit.exe from the list of apps.
2. Select the desired registry hive
There are several different hives which are stored on disk for your operating system. To see the file locations for the hives, you can go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\hivelist. To save you the trip, here they are:
You can also find the Default User registry hive in the same directory:
For Windows Vista or later, If you want to find specific users, go to the \Users folder on the root of the drive (assuming you have the old “C:” drive or boot drive) and look for NTUSER.DAT in the root of the user profile directory. For Windows XP and earlier, you’ll find the profiles under \Documents and Settings.
3. Load the desired registry hive
It doesn’t really matter what hive you want to look at; the process works the same for any. In this case, I want to look at the old machine’s SOFTWARE hive, so select HKEY_LOCAL_MACHINE.
Now, click on the File menu and select “Load Hive…”.
Browse to file location on the hard drive and select the hive which you wish to load.
The hive you’re loading is going to show up as a registry key in Registry Editor. Click “Open”, and give the new key a name.
You’ll see that the new registry key appears under HKEY_LOCAL_MACHINE.
4. Unload the hive once you’re done
Once you’ve found the information you need, make sure you get rid of this key you’ve created. It most likely won’t harm anything if you forget (after all, nothing in the OS is going to look for information there), but better safe than sorry. You can’t just delete the key (you’ll get an error). Instead, you have to unload the hive. Just select the key, go to the File menu and select “Unload Hive…” and you’re done.
I hope this helps someone and saves some time. If you see anything wrong, please let me know.