I've used RegView in the past to peek into the registry. It's essentially a DOS based Regedit.
http://www.regview.com/regview/ Mike Fetherston > -----Original Message----- > From: Rikard Johnels [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 11, 2006 2:00 PM > To: [email protected] > Subject: Analysing a Windows registry from Linux or another Windows system > > Hello! > I have been set to analyse two windows registry files from a compromised > Win98 > system. All i am given is the user.dat and system.dat files from the > recovered disk. > > How can i read these files and recover data from them? > Especially we need the ISP settings (Modem. It has no network card) to be > able > to verify where this specific computer was connecting to. > > Any tips or pointers? > > -- > /Rikard > > -------------------------------------------------------------------------- > --- > email : [EMAIL PROTECTED] > web : http://www.rikjoh.com > mob: : +46 (0)763 19 76 25 > ------------------------ Public PGP fingerprint -------------------------- > -- > < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
