AW: [sleuthkit-users] Win98 registry
Brought to you by:
carrier
Menu
▾
▴
AW: [sleuthkit-users] Win98 registry
|
From: <mu...@lo...> - 2005-02-10 13:16:55
|
You can use Regdat from H.Ulbrich for Windows 98 (or RegdatXP for other Windows versions) to view the registry from system.dat and user.dat = files only. You can either extract these files via sleuthkit/autopsy from a dd image or use a BartPE Boot CD to access these files. In the latter case = you should always use a VMWare with a copy of the image as BartPE modifies = the file system and thus the MD5 values of the image changes. Marcus > -----Urspr=FCngliche Nachricht----- > Von: sle...@li...=20 > [mailto:sle...@li...] Im=20 > Auftrag von sec...@hu... > Gesendet: Mittwoch, 9. Februar 2005 16:44 > An: sle...@li... > Betreff: [sleuthkit-users] Win98 registry >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > Is there a way to view the Windows 98 (or any other version)=20 > registry with Sleuthkit? If not, anyone know of a=20 > tool/technique (e.g. vmware) where I can mount an image=20 > read-only and view its registry? >=20 > Thanks, >=20 > SH > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at=20 > https://www.hushtools.com/verify > Version: Hush 2.4 >=20 > wkYEARECAAYFAkIJ6ZIACgkQRBFe1uc9INpPFACaAhldqv0Yb2JxlqmJwsq0Hn3+raoA > niw5NrV1kq+QyP5nerbhPF7qC0ZA > =3DYNxW > -----END PGP SIGNATURE----- >=20 >=20 >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide Read honest &=20 > candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
