MiTeC Registry File Viewer ========================== Revised: 11/10/2004 Legal issues: ------------- Copyright © 2003 by Michal Mutl Aubrechtove 3102, 106 00 Praha 10, Czech republic michal.mutl@mitec.cz http:\\www.mitec.cz This software is provided 'as-is', without any express or implied warranty. In no event will the author be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented, you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation is required. 2. This notice may not be removed or altered from any source distribution. Description: ------------ Viewer for standalone files containing Windows registry hives of all MS Windows platforms except MS Windows 3.x. (e.g. NTUSER.DAT, SYSTEM.1ST, SAM, etc.). It features extended registry searching, registry dumping and exporting to REGEDIT4 format and detailed key information. For NT registry files there's possibility to explore all security records and hash values. For NT registry value of type REG_RESOURCE_LIST here's Resource information in Data View. Data view has powerfull binary data viewer with data inspector. (it can be found for example in SYSTEM in value BootConfig under key ControlSet001\Enum\PCI\VEN_1039&DEV_0001&SUBSYS_00000000&REV_00\3&61aaa01&0&08\LogConf). It also provides forensic analysis of some special keys or hives (StreamMRU,UserAssist,SAM etc.). NOTICE: Under NT you cannot view files that are held by system (mostly located in %SystemRoot%\system32\config). It's not clear to many users, so i mentioned it here. To solve this you can use excelent free utility "ERUNT - The Emergency Recovery Utility NT" by Lars Hederer that can copy all registry files to specified location and they are available for browsing there. You can download it from: http://home.t-online.de/home/lars.hederer/erunt In distribution ZIP archive are two sample files in subfolder Samples: SYSTEM.SAV .... contains Windows 2000 SP2 HKEY_LOCAL_MACHINE hive SYSTEM.DAT ...... contains Windows 95 OSR 2 HKEY_LOCAL_MACHINE hive License: -------- FREEWARE Registration ------------ Sources of Registry File Reader are available on purchase/registration. The cost of a site license is currently 35 EUR. This license permits development using MiTeC Registry File Reader by any number of persons at your place of work. You are granted a non-exclusive, royalty-free right to reproduce and redistribute executable files created using the Software (the "Executable Code") in conjunction with software products that you develop and/or market (the "Applications"). The registered version with source code allows the user to produce any changes in the source code for personal use without agreement with the author. After registering you will get any further version of MiTeC Registry File Reader with sources for free. You can use ShareIt (www.shareit.com) to order MiTeC Registry File Reader. Product ID is #196601. I send you current version of MiTeC Registry File Reader with sources by e-mail, so don't forget deliver me your e-mail address. Feel free to send me any sugestions you have on my e-mail (see above).