Home > Forensic Tools & Techniques Taxonomy
| Forensic Functionality: | Windows Registry Analysis |
|---|
| Description: | No description available. |
|---|
| Technical Parameters: |
|---|
|
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
Windows |
raw (dd) |
active Registry |
Supports Registry rebuilding |
Supports deleted key recovery |
Supports display of key and value instances |
Support for pre-built reports |
|
Mac |
EnCase Evidence File Format Version 2 (.ex01) |
active file system |
Registry rebuilding unsupported |
Deleted key recovery not supported |
No support for displaying key and value instances |
Pre-built reports not supported |
|
Linux |
Expert Witness (.e01) |
Windows restore points |
|
|
|
|
|
|
virtual disk format (e.g., .vdi, .vhd, .vmdk) |
volume shadow copies |
|
|
|
|
|
|
physically mounted slave drive |
unallocated space |
|
|
|
|
|
|
loose hive(s) |
automated hive extraction and parsing not supported |
|
|
|
|
