regf
$ target-query <path/to/target> -f regf
Module |
|
Output |
|
Module documentation
Regf dump plugin.
Function documentation
Return all registry keys and values.
The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it.
- References:
Yields RegistryKeyRecords and RegistryValueRecords
- RegistryKeyRecord fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - ts (datetime): The registry key last modified time.
  - path (string): The key path.
  - key (string): The key name.
  - source (string): The hive file path.
- RegistryValueRecord fields:
  - hostname (string): The target hostname.
  - domain (string): The target domain.
  - ts (datetime): The registry key last modified time.
  - path (string): The key path.
  - key (string): The key name.
  - name (string): The value name.
  - value (string): The value.
  - source (string): The hive file path.
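Because `ts` on both record types is the key's last modified time, value records can be grouped under their key to list the keys changed inside an incident window. The following is an added example, not part of the plugin or its documentation; it assumes the records have been exported as one JSON object per line using the field names above, and the sample records and the helper names `parse_records` and `keys_modified_between` are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one JSON object per record, limited to the documented
# fields. Hostnames, paths, values and timestamps are invented.
SAMPLE = r"""
{"hostname":"WS01","domain":"corp.example","ts":"2024-03-02T10:15:00+00:00","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","key":"Run","source":"sysvol/windows/system32/config/SOFTWARE"}
{"hostname":"WS01","domain":"corp.example","ts":"2024-03-02T10:15:00+00:00","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","key":"Run","name":"Updater","value":"C:\\Users\\Public\\upd.exe","source":"sysvol/windows/system32/config/SOFTWARE"}
{"hostname":"WS01","domain":"corp.example","ts":"2024-03-02T10:15:00+00:00","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","key":"Run","name":"SecurityHealth","value":"%windir%\\system32\\SecurityHealthSystray.exe","source":"sysvol/windows/system32/config/SOFTWARE"}
{"hostname":"WS01","domain":"corp.example","ts":"2023-11-01T08:00:00+00:00","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Example","key":"Example","source":"sysvol/windows/system32/config/SOFTWARE"}
{"hostname":"WS01","domain":"corp.example","ts":"2023-11-01T08:00:00+00:00","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Example","key":"Example","name":"Version","value":"1.0","source":"sysvol/windows/system32/config/SOFTWARE"}
"""


def parse_records(text):
    """Parse JSON-lines text into dicts, converting ts to an aware datetime."""
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            records.append(rec)
    return records


def keys_modified_between(records, start, end):
    """List (ts, source, path, {name: value}) for keys last modified in [start, end]."""
    stamps, values = {}, defaultdict(dict)
    for rec in records:
        if not start <= rec["ts"] <= end:
            continue
        ident = (rec["source"], rec["path"])  # same path can exist in several hives
        stamps[ident] = rec["ts"]
        if "name" in rec:  # only RegistryValueRecord has name and value
            values[ident][rec["name"]] = rec["value"]
    hits = [(ts, src, path, dict(values[(src, path)])) for (src, path), ts in stamps.items()]
    return sorted(hits, key=lambda hit: hit[:3])  # oldest key change first


if __name__ == "__main__":
    window = (datetime(2024, 3, 1, tzinfo=timezone.utc), datetime(2024, 3, 3, tzinfo=timezone.utc))
    for ts, src, path, vals in keys_modified_between(parse_records(SAMPLE), *window):
        print(ts.isoformat(), src, path, vals)
```

The timestamp belongs to the key, so every value under a matching key is a candidate for review; the records alone do not say which value changed.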