I've used AccessData's Registry Viewer and EnCase. I'm sure there are other applications out there. I also believe you can open the files from a working Windows computer using the Registry Editor (regedit.exe).

Greg Kelley, EnCE
Vestige Digital Investigations
Computer Forensics | Electronic Discovery | Corporate Surety
46 Public Square, Ste 220
Medina, OH 44256
(330)721-1205 x5432
(330)721-1206 Fax
http://www.vestigeltd.com

-----Original Message-----
From: Rikard Johnels [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 2:00 PM
To: [email protected]
Subject: Analysing a Windows registry from Linux or another Windows system

Hello!

I have been set to analyse two Windows registry files from a compromised Win98 system. All I am given is the user.dat and system.dat files from the recovered disk.

How can I read these files and recover data from them? Especially we need the ISP settings (Modem. It has no network card) to be able to verify where this specific computer was connecting to.

Any tips or pointers?

--
/Rikard

-----------------------------------------------------------------------------
email : [EMAIL PROTECTED]
web : http://www.rikjoh.com
mob: : +46 (0)763 19 76 25
------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
