[Vol-users] hive file dump
jaroslav.brtan at gmail.com
Mon Jun 10 03:37:26 CDT 2013
I would like to ask you if it is possible to dump the hive file from a
For some reason the printkey cmd does not return expected values.
In my virtualbox Windows xp sp3 image contains vboxtray.exe in the RUN key,
but I dont see it in the printkey -K
"Software\Microsoft\Windows\CurrentVersion\Run" cmd output
I am using volatility version 2.3 beta.
I want to use Windows registry recovery tool to check if it is able to get
the info I need.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users