RegistryExplorer: Have projects save the chosen 'Load dirty hive' option #84
Comments
|
this will take some refactoring, so it may not make 1.5 |
|
so are you getting prompted to load the dirty hive? are you replaying the logs every time vs saving them out to a clean hive with the logs replayed? |
|
The scenario is:
I have the SAM, SYSTEM, SOFTWARE, SECURITY and NTUser.dat hives from an
acquisition (live seizure, plug pulled). When taking these hives, without
the log files, from the drive, I'm putting them in a case folder for
analysis. I open RE, load them in and get prompted to replay the
transactions. I choose not to at this point, because the logs will come
later. I have 9 hives in total, get prompted to replay for 8. I save this
as a project, and close it (project or RE).
When I come back to the project later and reopen it, I get prompted again,
8 times if I want to replay the transactions (I still don't), so I have to
click No, and Yes 8 more times each to get the project to load.
I would like RE to be able to prompt to remember this choice for this
project, or even just for these particular hives in this project.
Eventually I do replay the logs and load them in as new hives, but I think
it would be great to have the option to not prompt every time in a project
specifically.
…On Tue, Jan 7, 2020, 10:33 AM Eric ***@***.***> wrote:
so are you getting prompted to load the dirty hive? are you replaying the
logs every time vs saving them out to a clean hive with the logs replayed?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#84?email_source=notifications&email_token=ACPZG6UVGDD4B6LVSIE7Z6TQ4SOFVA5CNFSM4HYP2GS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIJH7QI#issuecomment-571637697>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACPZG6TQT5STTSVWJFPXQ6DQ4SOFVANCNFSM4HYP2GSQ>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When loading multiple hives, the option comes up each time prompting for log replay, and then prompting to load the dirty hive if no replay is chosen. This is excellent, however once the hives are loaded and the project is saved, these prompts continue again when the project is reloaded.
When switching between two or three projects, it can be sometimes bothersome to have to continually keep clicking 'No', 'Yes' every time the projects are loaded or unloaded.
Is it possible to add a setting/feature/default mode so that, when a project is saved for the first time, it will remember that you didn't select to replay logs and that you do want to load the dirty hive?
I know I've already added a couple of feature requests, and I want you to know I absolutely appreciate all of your work and everything you've done for the field. I apologize if these seem like a lot of requests, however I have come across a few instances where these requests would be helpful.
Thanks again!
The text was updated successfully, but these errors were encountered: