Hi Roger,
Try using the dumpfiles plugin:
http://code.google.com/p/volatility/wiki/CommandReference23#dumpfiles
You can use an example similar to the event logs one in order to dump
the registry file. Let me know if you need help.
All the best,
-Jamie
On 2/17/2014 12:53 AM, Roger wrote:
I've been trying to get/dump a copy of a certain registry hive from the memory.
Managed to list down their offsets using hivelist plugin but unable to find ways
of dumping them to files. My intention is to load it to other tools such as
regripper as input/target registry files.
Has anyone found a way of doing it?
Thank you very much in advance.
Kind regards,
Roger
--
Jamie Levy (@gleeda)
Blog: http://volatility-labs.blogspot.com/
GPG: http://pgp.mit.edu/pks/lookup?op=get&search=0x196B2AB527A4AC92
Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92