regf
$ target-query <path/to/target> -f regf
Module documentation
Regf dump plugin.
Function documentation
Return all registry keys and values.
The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it.
- References:
Yields RegistryKeyRecords and RegistryValueRecords
RegistryKeyRecord fields:
hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The registry key last modified time.
path (string): The key path.
key (string): The key name.
source (string): The hive file path.
RegistryValueRecord fields:
hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The registry key last modified time.
path (string): The key path.
key (string): The key name.
name (string): The value name.
value (string): The value.
source (string): The hive file path.
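
The following is an added example, not part of the plugin or its documentation. It shows how records with the fields listed above can be collapsed into one timeline event per key: a RegistryValueRecord's ts is the key's last modified time, so values under the same key cannot be ordered against each other. The `_type` discriminator, the helper names and all sample records are constructed for the example.

```python
from datetime import datetime, timezone

def march(day, hour):
    """Constructed helper: a UTC timestamp in March 2024."""
    return datetime(2024, 3, day, hour, 0, tzinfo=timezone.utc)

# Constructed sample data; field names follow the record descriptions above.
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SVC = r"HKLM\SYSTEM\ControlSet001\Services\ExampleSvc"
BASE = {"hostname": "WS01", "domain": "example.local"}
SOFTWARE = "sysvol/windows/system32/config/SOFTWARE"
SYSTEM = "sysvol/windows/system32/config/SYSTEM"

SAMPLE = [
    {**BASE, "_type": "key", "ts": march(5, 10), "path": RUN, "key": "Run", "source": SOFTWARE},
    {**BASE, "_type": "value", "ts": march(5, 10), "path": RUN, "key": "Run",
     "name": "Updater", "value": r"C:\Program Files\Example\updater.exe", "source": SOFTWARE},
    {**BASE, "_type": "value", "ts": march(5, 10), "path": RUN, "key": "Run",
     "name": "Tray", "value": r"C:\Program Files\Example\tray.exe", "source": SOFTWARE},
    {**BASE, "_type": "key", "ts": march(1, 8), "path": SVC, "key": "ExampleSvc", "source": SYSTEM},
    {**BASE, "_type": "value", "ts": march(1, 8), "path": SVC, "key": "ExampleSvc",
     "name": "Start", "value": "2", "source": SYSTEM},
]

def key_timeline(records, start, end):
    """Return one event per (hostname, source, path) with start <= ts < end.

    Key and value records for the same key share a timestamp, so they are
    merged: the event keeps the key's ts and a dict of its value names/data.
    """
    events = {}
    for rec in records:
        if not (start <= rec["ts"] < end):
            continue
        ident = (rec["hostname"], rec["source"], rec["path"])
        event = events.setdefault(ident, {
            "ts": rec["ts"], "hostname": rec["hostname"],
            "source": rec["source"], "path": rec["path"], "values": {},
        })
        if rec["_type"] == "value":
            event["values"][rec["name"]] = rec["value"]
    # Oldest modification first; path breaks ties between keys.
    return sorted(events.values(), key=lambda e: (e["ts"], e["path"]))

if __name__ == "__main__":
    for ev in key_timeline(SAMPLE, march(5, 0), march(6, 0)):
        print(ev["ts"].isoformat(), ev["path"], sorted(ev["values"]))
```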