CAINE 1.5 Installed... WINE and Windows Registry Recovery


Post  joetekno on Wed Mar 10, 2010 4:07 am

Using WINE and Mitec's Windows Registry Recovery to view Windows Registry entries.

Copy the “Hive” files to your “/evidence/config” directory

1. Open a terminal window
2. Become the root user
   a. Type: sudo su

3. Maneuver to the /evidence directory and create a subdirectory named config
   a. Type: cd /evidence
   b. Type: mkdir config

4. Mount your image file
   a. See “CAINE 1.5 Installed and MMLS to mount NTFS image file” for more information on how to do this

5. Copy the “Hive” files from the image to the /evidence/config directory
   a. cp /media/evidence/WINDOWS/system32/config/* /evidence/config/

6. Change the permissions on the copied files to allow the mitec program to access them
   a. chmod 666 /evidence/config/*


Downloading and Installing a Windows application with Wine

1. Open a browser and go to www.mitec.CZ
2. Download the “Windows Registry Recovery” application
3. Save the WRR.zip file to your desktop
4. Double Click the WRR.zip file
5. Right Click the WRR.EXE file and select “Open with…”
6. Select “Wine Windows Program Loader”
7. Click the “Open” button

Using the Mitec Windows Registry Recovery application

1. Select the File… Open… menu
2. Select /evidence/config…{some hive file}
3. Click the “Raw Data” button

Sam – HKEY_LOCAL_MACHINE\SAM
Security – HKEY_LOCAL_MACHINE\SECURITY
Software – HKEY_LOCAL_MACHINE\SOFTWARE
System – HKEY_LOCAL_MACHINE\SYSTEM
Default – HKEY_USERS\.DEFAULT

joetekno

Number of posts : 50
Location : Wisconsin, United States
Registration date : 2009-02-19

http://network.nwtc.edu
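Steps 5 and 6 of the post above, as an added example that is not part of the original post: the function copies only the five hives the post lists, matches their names case-insensitively (hive file-name case differs between Windows versions, and a Linux mount may be case-sensitive), and writes a SHA-256 manifest so the working copies can later be checked against the image. The names `copy_hives` and `hives.sha256` are hypothetical, and `sha256sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the poster's code.
# copy_hives SRC_CONFIG_DIR DEST_DIR
#   SRC_CONFIG_DIR: the config directory on the mounted image
#   DEST_DIR:       working directory, e.g. /evidence/config
# Writes DEST_DIR/hives.sha256 ("<sha256>  <name>" per hive).
# Returns non-zero if a hive is missing or a copy does not match its source.
copy_hives() {
    local src="$1" dest="$2" name found src_sum dst_sum rc=0
    mkdir -p "$dest" || return 1
    : > "$dest/hives.sha256"            # start a fresh manifest
    for name in SAM SECURITY SOFTWARE SYSTEM DEFAULT; do
        # Exact name, any case: matches "system" but not "system.LOG".
        found=$(find "$src" -maxdepth 1 -type f -iname "$name" | head -n 1)
        if [ -z "$found" ]; then
            echo "missing: $name" >&2; rc=1; continue
        fi
        # -p keeps the source file's timestamps on the working copy.
        cp -p "$found" "$dest/$name" || { rc=1; continue; }
        src_sum=$(sha256sum < "$found" | cut -d' ' -f1)
        dst_sum=$(sha256sum < "$dest/$name" | cut -d' ' -f1)
        if [ "$src_sum" != "$dst_sum" ]; then
            echo "hash mismatch: $name" >&2; rc=1; continue
        fi
        echo "$src_sum  $name" >> "$dest/hives.sha256"
    done
    return $rc
}

# Stand-alone use: sh copy_hives.sh /media/evidence/WINDOWS/system32/config /evidence/config
if [ "$#" -eq 2 ]; then
    copy_hives "$1" "$2"
fi
```

Running `sha256sum -c hives.sha256` inside the working directory after an examination session shows whether any working copy has changed since it was taken from the image.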

Re: CAINE 1.5 Installed... WINE and Windows Registry Recovery

Post  MAX.KNIGHT68 on Sun Jan 06, 2013 6:44 pm

Hello,
I need to know what format is accepted by Windows Registry Recovery.
I downloaded the software from the site mentioned in the post. Then, as a test (for practice), I opened regedit on my PC and exported my PC's registry to a file in order to use it in WRR, but when I tried to open the file in WRR it told me that the file is in an unsupported format.

Just to explain:
The first time I exported the registry in .reg file format.
The second time I tried the same operation, exporting in .txt file format.

But nothing happened... the result was a failure in both cases... so I want to know in what file format I have to export the registry, taking into consideration that regedit exports in the following formats:

log(?) files (*.reg) - file di registrazione
registry hive files (*.*) - file hive del Registro di Sistema
text file (*.txt) - file di testo
Win9x/NT4 log(?) files (*.reg) - file di registrazione Win9x/NT4
All files - Tutti i files

Notice: since I have the Italian version of Windows 7, I have reported the entries that regedit shows me (in both Italian and the corresponding English translation, in the hope that the translated entries correspond as closely as possible... if not, you can open regedit on your Windows PC and choose Export; when the dialog opens it will show the file formats allowed for the export operation).
Any suggestion is welcome.
Thank you in advance

MAX.KNIGHT68

Number of posts : 11
Age : 48
Location : Taranto
Registration date : 2012-12-02

mitec windows registry recovery

Post  joetekno on Sun Jan 06, 2013 7:07 pm

From the mitec website... This application allows to read files containing Windows 9x,NT,2K,XP,2K3 registry hives.

7 is not supported.

Regards,

Joe

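The file formats discussed above can be told apart by their first bytes. As an added example that is not from the thread: a binary hive file starts with the ASCII signature `regf`, while regedit `.reg` exports are text that begins with `Windows Registry Editor Version 5.00` (UTF-16LE) or `REGEDIT4`. The function names below are hypothetical.

```shell
#!/bin/sh
# Added example, not the posters' code.

# hex_at FILE OFFSET COUNT: hex of COUNT bytes at OFFSET, no separators.
hex_at() { od -An -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'; }

# registry_file_kind FILE: prints hive | reg5 | reg4 | unknown
registry_file_kind() {
    local f="$1" text
    # Binary hive: the base block begins with ASCII "regf" (72 65 67 66).
    if [ "$(hex_at "$f" 0 4)" = 72656766 ]; then echo hive; return; fi
    # Text exports: drop the UTF-16LE BOM and NUL bytes, then read the header.
    text=$(head -c 80 "$f" | tr -d '\000\376\377')
    case $text in
        "Windows Registry Editor Version 5.00"*) echo reg5 ;;
        REGEDIT4*) echo reg4 ;;
        *) echo unknown ;;
    esac
}

# hive_is_clean FILE: succeeds when the two sequence numbers in the base block
# (offsets 4 and 8) match. If they differ, the hive was not fully written to
# disk and the pending changes sit in its transaction log files.
hive_is_clean() {
    [ "$(hex_at "$1" 4 4)" = "$(hex_at "$1" 8 4)" ]
}

# Stand-alone use: sh regkind.sh /evidence/config/SYSTEM
if [ "$#" -eq 1 ]; then
    registry_file_kind "$1"
fi
```

A hive copied from an image of a system that was not shut down cleanly can fail the `hive_is_clean` check, in which case the log files stored beside the hive in the config directory belong with the evidence copy as well.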

Re: CAINE 1.5 Installed... WINE and Windows Registry Recovery

Post  MAX.KNIGHT68 on Thu Jan 10, 2013 2:57 pm

Hello,
Just out of curiosity I wanted to see if there was a newer version of the software on the MiTec site, and I saw that Windows 7 is supported... so I thought "this is a newer version" and I downloaded it...
but the result was the same :( Under Wine it seems to have problems recognizing the file exported from regedit.
To cross-check, I downloaded the same program and ran it directly under Windows, and I saw that it works.
So... what should I think now?
WRR seems to have compatibility with Wine... doesn't it?

Thank you in advance


Wine and Mitec WRR

Post  joetekno on Thu Jan 10, 2013 5:44 pm

It may be a problem with Wine but I'd try this...

Copy the registry files from the raw disk to the same location in the wine directory structure... then run WRR.

HKEY_LOCAL_MACHINE\SYSTEM : \system32\config\system
HKEY_LOCAL_MACHINE\SAM : \system32\config\sam
HKEY_LOCAL_MACHINE\SECURITY : \system32\config\security
HKEY_LOCAL_MACHINE\SOFTWARE : \system32\config\software
HKEY_USERS\UserProfile : \winnt\profiles\username
HKEY_USERS\.DEFAULT : \system32\config\default

So you would copy c:\system32\config\system from the Windows 7 system you are investigating TO c:\system\config\system in the Wine Directory structure. Then run WRR and see if it works.

Regards,

Joe


Re: CAINE 1.5 Installed... WINE and Windows Registry Recovery

Post  MAX.KNIGHT68 on Sat Jan 12, 2013 1:46 am

Thank you very much :D
Finally I succeeded. A few minutes ago I tried, step by step, what you wrote in your reply, and it works...
To do this I copied some parts of my original Win 7 registry by exporting them to some files.
Then I copied those files to a pen drive and then copied them again into my VM with CAINE installed on it.
After several attempts I found the directories in the C: drive of Wine, put the files in the C: drive, started WRR and opened the files in it!!!
So I have seen that it also works under Wine, but now there is a new question:

If I make an image of my C:\ drive containing the operating system, how can I extract the registry files' raw data from the image?

Thank you in advance for your patience and your reply

Regards.

Max.


Accessing Registry of imaged drive

Post  joetekno on Sat Jan 12, 2013 5:25 pm

You can see my post here: http://cainelive.aforumfree.com/t39-using-caine-and-mmls-to-mount-an-image-of-an-ntfs-drive

Once you mount the image you will have access to the file system as if it were just another attached drive.

Regards,

Joe


Re: CAINE 1.5 Installed... WINE and Windows Registry Recovery

Post  MAX.KNIGHT68 on Sat Jan 12, 2013 6:35 pm

Okay, thank you very much :D
You're so kind.
Have a nice day.

Regards,
Max
