Jun 122011
1. Boot from PE image.
2. In command line type regedit.
3. Select HKEY_LOCAL_MACHINE or HKEY_USERS (up to you).
4. Go to File->Load Hive… menu.
5. In the opened explorer windows select the needed registry hive file. The following table shows the location of registry hive files.
Hive Registry Paths and Corresponding On-Disk Files
| Hive Registry Path | Hive File Path |
| HKEY_LOCAL_MACHINE \SYSTEM | \winnt\system32\config\system |
| HKEY_LOCAL_MACHINE \SAM | \winnt\system32\config\sam |
| HKEY_LOCAL_MACHINE \SECURITY | \winnt\system32\config\security |
| HKEY_LOCAL_MACHINE \SOFTWARE | \winnt\system32\config\software |
| HKEY_LOCAL_MACHINE \HARDWARE | Volatile hive |
| HKEY_LOCAL_MACHINE \SYSTEM \Clone | Volatile hive |
| HKEY_USERS \UserProfile | Profile; usually under \winnt\profiles\usere |
| HKEY_USERS.DEFAULT | \winnt\system32\config\default |
| HKEY_CURRENT_USER | \Users\%userprofile%\ntuser.dat |
Now you can read write registry from offline image.
P.S. Unload the hive after a using.