-
Notifications
You must be signed in to change notification settings - Fork 26
Expand file tree
/
Copy pathlibregf.ini
More file actions
74 lines (64 loc) · 2.37 KB
/
libregf.ini
File metadata and controls
74 lines (64 loc) · 2.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
[project]
name: "libregf"
status: "alpha"
year_of_creation: "2009"
data_format: "Windows NT Registry File (REGF)"
documentation_url: "https://github.com/libyal/libregf/tree/main/documentation"
features: ["debug_output", "ossfuzz", "python_bindings", "tools"]
[dtFabric]
data_types: {
"file_header": {
"__options__": ["file_io_handle"],
"signature": {},
"primary_sequence_number": {},
"secondary_sequence_number": {},
"modification_time": {},
"major_format_version": {"usage": "in_struct"},
"minor_format_version": {"usage": "in_struct"},
"file_type": {"usage": "in_struct"},
"unknown1": {"debug_format": "hexadecimal"},
"root_key_offset": {"debug_format": "hexadecimal", "usage": "in_struct"},
"hive_bins_data_size": {"usage": "in_struct"},
"unknown2": {"debug_format": "hexadecimal"},
"unknown3": {"debug_format": "hexadecimal"},
"unknown4": {"debug_format": "hexadecimal"},
"checksum": {"debug_format": "hexadecimal", "usage": "in_function"}
}}
[library]
features: ["pthread", "wide_character_type"]
public_types: ["file", "key", "multi_string", "value"]
[tools]
build_dependencies: ["fuse"]
description: "Several tools for reading Windows NT Registry Files (REGF)"
names: ["regfexport", "regfinfo", "regfmount"]
[info_tool]
source_description: "a Windows NT Registry File (REGF)"
source_type: "file"
[mount_tool]
features: ["codepage"]
file_entry_example: "ControlSet001"
file_entry_modification_time: "last_written_time"
file_entry_modification_time_type: "filetime"
file_entry_type: "key"
file_system_type: "file"
mounted_description: "directories and files that provide the items contained in the REGF file"
source: "SYSTEM.DAT"
source_description: "a REGF file"
source_description_long: "a Windows NT Registry File (REGF)"
source_type: "file"
[troubleshooting]
example: "regfinfo NTUSER.DAT"
[development]
main_object: "file"
main_object_filename: "NTUSER.DAT"
item_object: "key"
item_path: "\\Software\\Microsoft\\Windows\\CurrentVersion"
[test_data]
repository: "log2timeline/dfwinreg"
files: ["NTUSER.DAT", "SOFTWARE", "SYSTEM"]
[tests]
profiles: ["libregf", "pyregf", "regfinfo", "regfinfo_hierarchy", "regfexport"]
info_tool_options_per_profile: ["", "-H"]
info_tool_profiles: ["regfinfo", "regfinfo_hierarchy"]
example_filename1: "NTUSER.DAT"
example_filename2: "SYSTEM"