| reglookup(1) | reglookup(1) |
reglookup-recover - Windows NT+ registry deleted data recovery tool
reglookup-recover [options] registry-file
reglookup-recover attempts to scour a Windows registry hive for deleted data structures and outputs those found in a CSV-like format.
reglookup-recover accepts the following parameters:
reglookup-recover generates a comma-separated values (CSV) like output and writes it to stdout. For more information on the syntax of the general format, see reglookup(1).
This tool is new and the output format, particularly the included columns, may change in future revisions. When this format stablizes, additional documentation will be included here.
To dump the recoverable contents of a system registry hive:
reglookup-recover /mnt/win/c/WINDOWS/system32/config/system
Extract all available unallocated data, including unparsable unallocated space and the raw data associated with parsed cells in a user-specific registry:
reglookup-recover -r -l '/mnt/win/c/Documents and Settings/user/NTUSER.DAT'
This program has been smoke-tested against most current Windows target platforms, but a comprehensive test suite has not yet been developed. (Please report results to the development mailing list if you encounter any bugs. Sample registry files and/or patches are greatly appreciated.)
This program is new as of RegLookup release 0.9.0 and should be considered unstable.
For more information on registry format details and the recovery algorithm, see:
http://sentinelchicken.com/research/registry_format/ http://sentinelchicken.com/research/registry_recovery/
This program was written by Timothy D. Morgan.
Please see the file "LICENSE" included with this software distribution.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details.
| 2 February 2021 | File Conversion Utilities |