Christophe Thanks for the reply. Merci.
> > Is anyone doing research into the Registry, that > they are able to publicly share? I'm interested in > working with others to develop ways of pulling > information from system images, specifically from > the raw Registry files. [snip] > You could use reglookup to export registry files > into flat text files. > This tool is on our boot cd since version 10.0 : > www.lnx4n6.be Thanks, but I've already got that part covered. I wrote Perl code to do it for me...Perl code which runs on any platform that supports Perl. I've also written capabilities to do searches, rather than just dump everything all at once. Again, I'm interested in going beyond the dumping and into the actual analysis. Harlan ------------------------------------------ Harlan Carvey, CISSP "Windows Forensics and Incident Recovery" http://www.windows-ir.com http://windowsir.blogspot.com ------------------------------------------
