[Libguestfs] hivexml - Flattened vs. Expanded XML

Simson Garfinkel simsong at acm.org
Fri Mar 19 20:45:34 UTC 2010


All,

Greetings. I am new to this mailing list. 

We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries.

We are interested in hivexml as a tool for extracting the registry as an XML representation.

In our discussion with possible users, we have generally come to the conclusion that it is useful to represent each XML key as a fully expanded path, rather than preserving the tree structure of the registry hive. Although this may seem verbose, it makes processing the data significantly easier.

Is anyone working with the hivexml system in a production environment? If so, do you have any thoughts on this matter?

You can find an example of the digital forensics XML at:
http://www.forensicswiki.org/wiki/Fiwalk

Regards,

Simson Garfinkel
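
The contrast the message draws between a tree-structured and a fully expanded representation, as an added example that is not part of the original post and is not hivexml's own code. The `node`/`value` element names, their attributes, the flat `key path="..."` output and the sample hive are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a tree-structured hive export. Element and attribute
# names are assumed for illustration; check them against real tool output.
NESTED = """<hive>
  <node name="ControlSet001">
    <node name="Services">
      <node name="Tcpip">
        <value key="Start" type="int32" value="1"/>
        <node name="Parameters">
          <value key="Hostname" type="string" value="WORKSTATION1"/>
        </node>
      </node>
    </node>
    <node name="Control"/>
  </node>
</hive>"""


def flatten(root, sep="\\"):
    """Return [(full_key_path, [value_attrs, ...]), ...] in document order.

    Iterative walk, so a deeply nested or malformed hive cannot exhaust
    the Python recursion limit. Keys without values are kept, since an
    empty key can still be evidence.
    """
    rows = []
    stack = [(n, ()) for n in reversed(root.findall("node"))]
    while stack:
        node, parent = stack.pop()
        path = parent + (node.get("name", ""),)
        rows.append((sep.join(path), [dict(v.attrib) for v in node.findall("value")]))
        stack.extend((c, path) for c in reversed(node.findall("node")))
    return rows


def to_flat_xml(rows):
    """Emit one <key path="..."> element per registry key, all siblings."""
    out = ET.Element("hive")
    for path, values in rows:
        key = ET.SubElement(out, "key", path=path)
        for attrs in values:
            ET.SubElement(key, "value", attrs)
    return out


if __name__ == "__main__":
    flat = to_flat_xml(flatten(ET.fromstring(NESTED)))
    print(ET.tostring(flat, encoding="unicode"))
```

In the flat form every record carries its full path, so a line-oriented filter or a single attribute comparison finds a key without walking its ancestors; the cost is the repeated path prefix on each element.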