nt_hive2
| Crates.io | nt_hive2 |
| lib.rs | nt_hive2 |
| version | 4.2.3 |
| source | src |
| created_at | 2022-04-19 19:10:17.866525 |
| updated_at | 2024-07-17 15:06:47.764282 |
| description | forensic parser library for Windows registry hive files |
| homepage | |
| repository | https://github.com/dfir-dd/nt-hive2 |
| max_upload_size | |
| id | 570595 |
| size | 1,499,160 |
Jan Starke (janstarke)
documentation
README
nt_hive2
Warning The tools of this repository have been moved to https://github.com/dfir-dd/dfir-toolkit
You can install the tools by running
cargo install dfir-toolkitThe lib itself will stay available here
This crates aims to be a replacement of https://github.com/ColinFinck/nt-hive, with the following differences:
- use of BinRead to parse hive files
- support of displaying last written timestamps
- recovery of deleted cells
Usage example for developers
use std::fs::File;
use nt_hive2::*;
#
let hive_file = File::open("tests/data/testhive")?;
let mut hive = Hive::new(hive_file)?;
let root_key = hive.root_key_node()?;
for sk in root_key.subkeys(&mut hive)?.iter() {
println!("\n[{}]; last written: {}", sk.borrow().name(), sk.borrow().timestamp());
for value in sk.borrow().values() {
println!("\"{}\" = {}", value.name(), value.value());
}
}
License: GPL-3.0