
Difference between revisions of "RegXML"

m (Created page with 'RegXML is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files. ==Sample XML== <pre> <?xml version="1.0"?> <Registry> <Key Name="…')
 
(Add link to RegXML software from Nelson)
Line 1: Line 1:
 
RegXML is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
 
RegXML is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.
 +
 +
Software to produce and analyze RegXML is available [https://users.soe.ucsc.edu/~ajnelson/research/nelson_ifip12/ here].
  
 
==Sample XML==
 
==Sample XML==

Revision as of 22:55, 12 March 2012

RegXML is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.

Software to produce and analyze RegXML is available at https://users.soe.ucsc.edu/~ajnelson/research/nelson_ifip12/.

Sample XML

<?xml version="1.0"?>
<!--
  Annotated sample of a RegXML export covering HKEY_CURRENT_USER\Console.
  The comments are explanatory and are not produced by the tool.

  Layout shown by this sample:
  - <Registry> is the single root element.
  - <Key> elements nest to mirror the registry path; the key name is in the
    Name attribute. The inner key also has a Class attribute (empty here);
    the top-level hive key has none.
  - <Value> elements hold the value name, registry type and data as the
    Name, Type and Value attributes.

  Points for an examiner:
  - Every REG_DWORD in this sample is printed in decimal, not hexadecimal.
  - Neither <Key> nor <Value> carries a last-written timestamp or a hive
    offset here, so this listing alone cannot place a change in time.
  - Names and data in an export taken from evidence are whatever the examined
    system held; parse such files with DTD and external-entity processing
    disabled.
-->
<Registry>
	<Key Name="HKEY_CURRENT_USER">
		<Key Class="" Name="Console">
			<!-- ColorTable00 to ColorTable15: presumably COLORREF values (0x00BBGGRR)
			     shown in decimal, e.g. 8388608 = 0x00800000 and 255 = 0x000000FF.
			     Confirm the byte order against the tool before relying on it. -->
			<Value Name="ColorTable00" Type="REG_DWORD" Value="0" />
			<Value Name="ColorTable01" Type="REG_DWORD" Value="8388608" />
			<Value Name="ColorTable02" Type="REG_DWORD" Value="32768" />
			<Value Name="ColorTable03" Type="REG_DWORD" Value="8421376" />
			<Value Name="ColorTable04" Type="REG_DWORD" Value="128" />
			<Value Name="ColorTable05" Type="REG_DWORD" Value="8388736" />
			<Value Name="ColorTable06" Type="REG_DWORD" Value="32896" />
			<Value Name="ColorTable07" Type="REG_DWORD" Value="12632256" />
			<Value Name="ColorTable08" Type="REG_DWORD" Value="8421504" />
			<Value Name="ColorTable09" Type="REG_DWORD" Value="16711680" />
			<Value Name="ColorTable10" Type="REG_DWORD" Value="65280" />
			<Value Name="ColorTable11" Type="REG_DWORD" Value="16776960" />
			<Value Name="ColorTable12" Type="REG_DWORD" Value="255" />
			<Value Name="ColorTable13" Type="REG_DWORD" Value="16711935" />
			<Value Name="ColorTable14" Type="REG_DWORD" Value="65535" />
			<Value Name="ColorTable15" Type="REG_DWORD" Value="16777215" />
			<Value Name="CursorSize" Type="REG_DWORD" Value="25" />
			<Value Name="EnableColorSelection" Type="REG_DWORD" Value="0" />
			<Value Name="ExtendedEditKey" Type="REG_DWORD" Value="0" />
			<Value Name="ExtendedEditKeyCustom" Type="REG_DWORD" Value="0" />
			<Value Name="FontFamily" Type="REG_DWORD" Value="0" />
			<Value Name="FontSize" Type="REG_DWORD" Value="0" />
			<Value Name="FontWeight" Type="REG_DWORD" Value="0" />
			<Value Name="FullScreen" Type="REG_DWORD" Value="0" />
			<Value Name="HistoryBufferSize" Type="REG_DWORD" Value="50" />
			<Value Name="HistoryNoDup" Type="REG_DWORD" Value="0" />
			<Value Name="InsertMode" Type="REG_DWORD" Value="1" />
			<Value Name="LoadConIme" Type="REG_DWORD" Value="1" />
			<Value Name="NumberOfHistoryBuffers" Type="REG_DWORD" Value="4" />
			<Value Name="PopupColors" Type="REG_DWORD" Value="245" />
			<Value Name="QuickEdit" Type="REG_DWORD" Value="0" />
			<!-- 19660880 = 0x012C0050. If this is a packed size, the high word is 300
			     and the low word is 80 (presumably rows and columns; to be confirmed). -->
			<Value Name="ScreenBufferSize" Type="REG_DWORD" Value="19660880" />
			<Value Name="ScreenColors" Type="REG_DWORD" Value="7" />
			<Value Name="TrimLeadingZeros" Type="REG_DWORD" Value="0" />
			<!-- 1638480 = 0x00190050. If packed the same way, the high word is 25 and
			     the low word is 80 (presumably rows and columns; to be confirmed). -->
			<Value Name="WindowSize" Type="REG_DWORD" Value="1638480" />
			<Value Name="WordDelimiters" Type="REG_DWORD" Value="0" />
		</Key>
	</Key>
</Registry>


See Also