Hive 读取器 [Alpha]

为取证目的打开 Hive 注册表。使用 ForensicRs 框架。

状态

仍不可用，处于开发中。

https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md

与 Hive 文件协同工作

let mut reader = HiveRegistryReader::new();
// Add a registry key extracted from a REG file
reader.add_reg_key(r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System", r"Identifier", RegValue::SZ(r"AT/AT COMPATIBLE".into()));
// Now the key is mounted and can be accesses like its in a Hive
let key = reader.open_key(HKLM, r"HARDWARE\DESCRIPTION\System").unwrap();
assert_eq!(RegHiveKey::Hkey(1407374883553280), key); // Cache -1 and type 5 => Mounted
assert_eq!(RegValue::SZ(r"AT/AT COMPATIBLE".into()), reader.read_value(key, "Identifier").unwrap());
reader.close_key(key);