Re: [sleuthkit-users] Win98 registry
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Win98 registry
|
From: Seth A. <sa...@im...> - 2005-02-09 19:20:24
|
On Wed, Feb 09, 2005 at 07:44:29AM -0800, sec...@hu... wrote: > Is there a way to view the Windows 98 (or any other version) > registry with Sleuthkit? If not, anyone know of a tool/technique > (e.g. vmware) where I can mount an image read-only and view its > registry? You could extract the registry files (memory fails me, but osmething like user.dat and system.dat comes to mind) from the system using sleuthkit and then import them into another windows ssystem for viewing. (I think encase has history tools for the registry, but i can't promise that.) |
