Re: Analysing a Windows registry from Linux or another Windows system

Fri, 26 May 2006 19:29:49 -0700 

Hello
The program is WRR (MiTec Windows Registry Recovery); you can download it from http://www.mitec.cz . It's a very good tool for browsing WinXP registry hive files of an off-line computer. Unfortunately I have some problem to run it on linux with wine. 

happy forensics :-)

Il giorno 26/apr/06, alle ore 18:32, Scott Gossard ha scritto:




I've used WRA before and it seems decent.  Haven't used it on a  
Win98 system though.


http://www.mitec.cz/wra.htm



-----Original Message-----
From: Rikard Johnels [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 2:00 PM
To: [email protected]

Subject: Analysing a Windows registry from Linux or another  
Windows system


Hello!

I have been set to analyse two windows registry files from a  
compromised

Win98
system. All i am given is the user.dat and system.dat files from the
recovered disk.

How can i read these files and recover data from them?

Especially we need the ISP settings (Modem. It has no network  
card) to be

able
to verify where this specific computer was connecting to.

Any tips or pointers?

--
         /Rikard


--------------------------------------------------------------------- 
-----

---
email   : [EMAIL PROTECTED]
web     : http://www.rikjoh.com
mob:    : +46 (0)763 19 76 25

------------------------ Public PGP fingerprint  
--------------------------

--
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78  46 1C EE 56 >


-----------------------------------------
*******************************************************************
*** This email and any files transmitted with it are confidential
and intended solely for the individual or entity to whom they are
addressed. If you have received this email in error destroy it
immediately. ******************************************************
**************** Wal-Mart Confidential ****************************
******************************************


-----------------------------------------
*******************************************************************
*** This email and any files transmitted with it are confidential
and intended solely for the individual or entity to whom they are
addressed. If you have received this email in error destroy it
immediately. ******************************************************
**************** Wal-Mart Confidential ****************************
******************************************






________ Information from NOD32 ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.
http://www.nod32.com






















					Reply via email to