#forensic #windows #parser #registry #cybersecurity

frnsc-liveregistry-rs

Implements RegistryReader from forensic-rs using the Windows API to access the registry of a live system

9 unstable releases (4 breaking)

new 0.9.1 Feb 22, 2024
0.9.0 Feb 9, 2024
0.8.0 Feb 4, 2024
0.7.0 Nov 13, 2023
0.1.0 Sep 27, 2022

#70 in Windows APIs

225 downloads per month
Used in 3 crates

MIT license

20KB
403 lines

Windows Registry Reader

Implements RegistryReader using the Windows API to access the registry of a live system.

Usage

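// Import paths are assumed from the crate names; adjust to the versions in use.
use forensic_rs::prelude::*;
use frnsc_liveregistry_rs::LiveRegistryReader;

// Works against any RegistryReader implementation, not only the live one.
fn test_reg(reg : &mut Box<dyn RegistryReader>) {
    let keys = reg.enumerate_keys(RegHiveKey::HkeyCurrentUser).unwrap();
    assert!(keys.iter().any(|k| k == "SOFTWARE"));
    assert!(keys.iter().any(|k| k == "Microsoft"));
}

fn main() {
    // Typed as a trait object so it can be passed to test_reg below.
    let mut registry : Box<dyn RegistryReader> = Box::new(LiveRegistryReader::new());
    let key = registry.open_key(RegHiveKey::HkeyCurrentUser, "Volatile Environment").unwrap();
    // Read one value from the live hive and convert it to a String.
    let value : String = registry.read_value(key, "USERNAME").unwrap().try_into().unwrap();
    assert!(value.len() > 1);
    // List the value names stored under the same key.
    let values : Vec<String> = registry.enumerate_values(key).unwrap();

    test_reg(&mut registry);
}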

Dependencies

~0.7–47MB
~691K SLoC