
make dissect.target handle registry hive files directly

Open Politie-SOC opened this issue 2 years ago • 1 comments

Dissect currently does not know how to parse registry hive files directly. They have to be inside a valid "target" before they can be processed. It would be nice to be able to use target-query and target-reg directly against a registry hive file.

Politie-SOC, Oct 09 '23 10:10

This could perhaps fit nicely with the idea proposed here: https://github.com/fox-it/dissect.target/pull/399#issuecomment-1736346892

Specifically for registry hives we would need to add a little bit of heuristic checks to figure out which hive we're dealing with (user hive, SYSTEM, SOFTWARE, etc).

Schamper, Oct 12 '23 11:10
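
As an added illustration of the kind of heuristic mentioned in the comment above (not code from the thread or from dissect.target): first confirm a loose file is a hive by checking the `regf` magic and base-block checksum, then guess the hive type from the names of the root key's subkeys. The function names and the signature sets in `HIVE_SIGNATURES` are assumptions chosen for this sketch, and the list of subkey names is expected to come from whatever registry parser is in use.

```python
import struct

# Assumed signature sets: top-level key names typically found under each hive's root.
HIVE_SIGNATURES = {
    "SYSTEM": {"select", "mounteddevices"},
    "SOFTWARE": {"microsoft", "classes"},
    "SAM": {"sam"},
    "SECURITY": {"policy", "sam"},
    "NTUSER.DAT": {"software", "environment"},
}


def regf_checksum(base_block: bytes) -> int:
    """XOR-32 over the first 508 bytes of the base block; the two reserved results are remapped."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def is_regf(base_block: bytes) -> bool:
    """True when the block has the 'regf' magic and a matching checksum at offset 508."""
    if len(base_block) < 512 or base_block[:4] != b"regf":
        return False
    (stored,) = struct.unpack_from("<I", base_block, 508)
    return stored == regf_checksum(base_block)


def classify_hive(root_subkeys) -> str:
    """Return the hive whose whole signature is present; the largest signature wins."""
    names = {name.lower() for name in root_subkeys}
    matches = [(len(sig), hive) for hive, sig in HIVE_SIGNATURES.items() if sig <= names]
    return max(matches)[1] if matches else "UNKNOWN"


# Constructed sample header (not taken from a real system): magic, zero padding, checksum.
SAMPLE_HEADER = b"regf".ljust(508, b"\x00")
SAMPLE_HEADER += struct.pack("<I", regf_checksum(SAMPLE_HEADER))

if __name__ == "__main__":
    print(is_regf(SAMPLE_HEADER))
    print(classify_hive(["ControlSet001", "MountedDevices", "Select", "Setup"]))
    print(classify_hive(["Cache", "Policy", "RXACT", "SAM"]))
```

A SECURITY hive also contains a `SAM` subkey, which is why the larger matching signature takes precedence over the single-name SAM signature.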