dfwinreg issues

add support for BCD

add support for HKEY_LOCAL_MACHINE\BCD00000000 The corresponding regf file is typically stored on the boot volume (active partition) under `\Boot\` or `\EFI\Microsoft\Boot\`

joachimmetz

enhancement

Add sanity check if Windows NT SYSTEM Registry file contains CurrentControlSet key

joachimmetz

enhancement

Idea: use dfWinReg to create a Registry VFS for dfVFS

key => directory with name of the key values => sub directory of a directory with name of the key named "(values)" default value => file in sub directory "(values)"...

joachimmetz

add support for libregf corrupted flag

expose corrupted flag in dfWinReg

joachimmetz

enhancement

add support for Windows Registry Values in registry_searcher.py

Currently FindSpecs and WinRegistrySearch are not able to search for Values within a specific key, limiting searches to keys only. The docstring for WinRegistrySearcher is slightly incorrect here as it...

jnettesheim

add support for HKEY_CLASSES_ROOT

- initially directly map this to HKEY_LOCAL_MACHINE\Software\Classes ? - https://msdn.microsoft.com/en-us/library/windows/desktop/ms724475%28v=vs.85%29.aspx - https://msdn.microsoft.com/en-us/library/windows/desktop/ms724498%28v=vs.85%29.aspx

joachimmetz

enhancement