sleuthkit-users Mailing List for The Sleuth Kit (Page 185)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RegDat did the trick.  Thanks a bunch. In fact, I did not see this
documented anywhere but there were three registry files from the
Windows 98 c:\Windows directory that RegDat was able to view:
system.dat, user.dat and hwinfo.dat (there was no policy.pol file):

system.dat === HKEY_LOCAL_MACHINE
user.dat ===== HKEY_CURRENT_USER
hwinfo.dat === HKEY_USERS

I installed RegDat on a Win2K machine and copied the *.dat files
over and examined them there.

Again, very helpful.

Regards,

SH

On Thu, 10 Feb 2005 05:16:35 -0800 =?iso-8859-1?Q?Marcus_M=FCller?=
<mu...@lo...> wrote:
>You can use Regdat from H.Ulbrich for Windows 98 (or RegdatXP for
>other
>Windows versions) to view the registry from system.dat and
>user.dat files
>only. You can either extract these files via sleuthkit/autopsy
>from a dd
>image or use a BartPE Boot CD to access these files. In the latter
>case you
>should always use a VMWare with a copy of the image as BartPE
>modifies the
>file system and thus the MD5 values of the image changes.
>
>Marcus
>
>> -----Ursprüngliche Nachricht-----
>> Von: sle...@li...
>> [mailto:sle...@li...] Im
>> Auftrag von sec...@hu...
>> Gesendet: Mittwoch, 9. Februar 2005 16:44
>> An: sle...@li...
>> Betreff: [sleuthkit-users] Win98 registry
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Is there a way to view the Windows 98 (or any other version)
>> registry with Sleuthkit? If not, anyone know of a
>> tool/technique (e.g. vmware) where I can mount an image
>> read-only and view its registry?
>>
>> Thanks,
>>
>> SH
>> -----BEGIN PGP SIGNATURE-----
>> Note: This signature can be verified at
>> https://www.hushtools.com/verify
>> Version: Hush 2.4
>>
>>
>wkYEARECAAYFAkIJ6ZIACgkQRBFe1uc9INpPFACaAhldqv0Yb2JxlqmJwsq0Hn3+rao
>A
>> niw5NrV1kq+QyP5nerbhPF7qC0ZA
>> =YNxW
>> -----END PGP SIGNATURE-----
>>
>>
>>
>> -------------------------------------------------------
>> SF email is sponsored by - The IT Product Guide Read honest &
>> candid reviews on hundreds of IT Products from real users.
>> Discover which products truly live up to the hype. Start reading
>now.
>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>> _______________________________________________
>> sleuthkit-users mailing list
>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>> http://www.sleuthkit.org
>
>
>
>-------------------------------------------------------
>SF email is sponsored by - The IT Product Guide
>Read honest & candid reviews on hundreds of IT Products from real
>users.
>Discover which products truly live up to the hype. Start reading
>now.
>http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
>_______________________________________________
>sleuthkit-users mailing list
>https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>http://www.sleuthkit.org
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkIOvuwACgkQRBFe1uc9INrf2ACgt4I/b9QCCYw8ywThvBQgo2lj8F0A
niDdmfI+SsqMKeqLzZI8mCE31a39
=F2rH
-----END PGP SIGNATURE-----

2002	Jan	Feb	Mar	Apr	May	Jun	Jul (6)	Aug	Sep (11)	Oct (5)	Nov (4)	Dec
2003	Jan (1)	Feb (20)	Mar (60)	Apr (40)	May (24)	Jun (28)	Jul (18)	Aug (27)	Sep (6)	Oct (14)	Nov (15)	Dec (22)
2004	Jan (34)	Feb (13)	Mar (28)	Apr (23)	May (27)	Jun (26)	Jul (37)	Aug (19)	Sep (20)	Oct (39)	Nov (17)	Dec (9)
2005	Jan (45)	Feb (43)	Mar (66)	Apr (36)	May (19)	Jun (64)	Jul (10)	Aug (11)	Sep (35)	Oct (6)	Nov (4)	Dec (13)
2006	Jan (52)	Feb (34)	Mar (39)	Apr (39)	May (37)	Jun (15)	Jul (13)	Aug (48)	Sep (9)	Oct (10)	Nov (47)	Dec (13)
2007	Jan (25)	Feb (4)	Mar (2)	Apr (29)	May (11)	Jun (19)	Jul (13)	Aug (15)	Sep (30)	Oct (12)	Nov (10)	Dec (13)
2008	Jan (2)	Feb (54)	Mar (58)	Apr (43)	May (10)	Jun (27)	Jul (25)	Aug (27)	Sep (48)	Oct (69)	Nov (55)	Dec (43)
2009	Jan (26)	Feb (36)	Mar (28)	Apr (27)	May (55)	Jun (9)	Jul (19)	Aug (16)	Sep (15)	Oct (17)	Nov (70)	Dec (21)
2010	Jan (56)	Feb (59)	Mar (53)	Apr (32)	May (25)	Jun (31)	Jul (36)	Aug (11)	Sep (37)	Oct (19)	Nov (23)	Dec (6)
2011	Jan (21)	Feb (20)	Mar (30)	Apr (30)	May (74)	Jun (50)	Jul (34)	Aug (34)	Sep (12)	Oct (33)	Nov (10)	Dec (8)
2012	Jan (23)	Feb (57)	Mar (26)	Apr (14)	May (27)	Jun (27)	Jul (60)	Aug (88)	Sep (13)	Oct (36)	Nov (97)	Dec (85)
2013	Jan (60)	Feb (24)	Mar (43)	Apr (32)	May (22)	Jun (38)	Jul (51)	Aug (50)	Sep (76)	Oct (65)	Nov (25)	Dec (30)
2014	Jan (19)	Feb (41)	Mar (43)	Apr (28)	May (61)	Jun (12)	Jul (10)	Aug (37)	Sep (76)	Oct (31)	Nov (41)	Dec (12)
2015	Jan (33)	Feb (28)	Mar (53)	Apr (22)	May (29)	Jun (20)	Jul (15)	Aug (17)	Sep (52)	Oct (3)	Nov (18)	Dec (21)
2016	Jan (20)	Feb (8)	Mar (21)	Apr (7)	May (13)	Jun (35)	Jul (34)	Aug (11)	Sep (14)	Oct (22)	Nov (31)	Dec (23)
2017	Jan (20)	Feb (7)	Mar (5)	Apr (6)	May (6)	Jun (22)	Jul (11)	Aug (16)	Sep (8)	Oct (1)	Nov (1)	Dec (1)
2018	Jan	Feb	Mar (16)	Apr (2)	May (6)	Jun (5)	Jul	Aug (2)	Sep (4)	Oct	Nov (16)	Dec (13)
2019	Jan	Feb (1)	Mar (25)	Apr (9)	May (2)	Jun (1)	Jul (1)	Aug	Sep	Oct	Nov	Dec
2020	Jan (2)	Feb	Mar (1)	Apr	May (1)	Jun (3)	Jul (2)	Aug	Sep	Oct (5)	Nov	Dec
2021	Jan	Feb	Mar (1)	Apr	May	Jun (4)	Jul (1)	Aug	Sep (1)	Oct	Nov (1)	Dec
2022	Jan	Feb (2)	Mar	Apr	May (2)	Jun	Jul (3)	Aug	Sep	Oct	Nov	Dec
2023	Jan (2)	Feb	Mar (1)	Apr	May	Jun	Jul	Aug	Sep	Oct (1)	Nov	Dec
2024	Jan	Feb (3)	Mar	Apr (1)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar	Apr	May	Jun	Jul (1)	Aug	Sep	Oct	Nov	Dec

sleuthkit-users Mailing List for The Sleuth Kit (Page 185)

sleuthkit-users — List to discuss Autopsy and The Sleuth Kit.