forked from EricZimmerman/KapeFiles
-
Notifications
You must be signed in to change notification settings - Fork 0
/
RegistryHives.tkape
23 lines (22 loc) · 1.09 KB
/
RegistryHives.tkape
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Description: System and user related Registry hives
Author: Eric Zimmerman
Version: 1.2
Id: 76af6086-bd0b-429f-bfd7-4a8e8ff8138f
RecreateDirectories: true
Targets:
-
Name: System Registry Files
Category: Registry
Path: RegistryHivesSystem.tkape
-
Name: User Level Registry Files
Category: Registry
Path: RegistryHivesUser.tkape
-
Name: MSIX Application Registry Files
Category: Registry
Path: RegistryHivesMSIXApps.tkape
# Documentation
# Please note, this Compound Target does NOT include the RegistryHivesOther Target on purpose. While they are technically Registry hives, they are not currently identified as being forensically significant.
# However, for the purpose of KapeResearch_Registry Modules that will dump hives from the ROOT key to JSON for the purpose of (hopefully) finding forensically relevant data in one of these Registry hives, RegistryHivesOther exists for that very reason.
# If you want to pull every single Registry hive possible, combine this Compound Target along with the RegistryHivesOther Target.