source: trunk/doc/reglookup-recover.1.docbook@ 199

Last change on this file since 199 was 138, checked in by tim, 16 years ago

extended error message logging to allow for message type filtering

fine tuned message verbosity to more reasonable default levels for reglookup and reglookup-recover

updated related documentation

  • Property svn:keywords set to Id
File size: 6.3 KB
<?xml version="1.0" encoding="UTF-8"?>
<refentry id='reglookup-recover.1'>
  <!-- $Id: reglookup-recover.1.docbook 138 2009-02-08 19:53:48Z tim $ -->
  <refmeta>
    <refentrytitle>reglookup</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">File Conversion Utilities</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>reglookup-recover</refname>
    <refpurpose>Windows NT+ registry deleted data recovery tool</refpurpose>
  </refnamediv>

  <refsect1 id='synopsis'>
    <title>SYNOPSIS</title>
    <para>
      <command>
        reglookup-recover [options] <replaceable>registry-file</replaceable>
      </command>
    </para>
  </refsect1>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      reglookup-recover attempts to scour a Windows registry hive for
      deleted data structures and outputs those found in a CSV-like format.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      <command>reglookup-recover</command> accepts the following parameters:
    </para>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-v</option>
        </term>
        <listitem>
          <para>
            Verbose output.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-h</option>
        </term>
        <listitem>
          <para>
            Enables the printing of a column header row. (default)
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-H</option>
        </term>
        <listitem>
          <para>
            Disables the printing of a column header row.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-l</option>
        </term>
        <listitem>
          <para>
            Display cells which could not be interpreted as valid
            registry structures at the end of the output.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-L</option>
        </term>
        <listitem>
          <para>
            Do not display cells which could not be interpreted as valid
            registry structures. This is the default behavior.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-r</option>
        </term>
        <listitem>
          <para>
            Display raw cell contents for cells which were interpreted as intact
            data structures. This additional output will appear on the same
            line as the interpreted data.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-R</option>
        </term>
        <listitem>
          <para>
            Do not display raw cell contents for cells which were interpreted
            as intact data structures. This is the default behavior.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option><replaceable>registry-file</replaceable></option>
        </term>
        <listitem>
          <para>
            Required argument. Specifies the location of the
            registry file to read. The system registry files should be
            found under:
            <command>%SystemRoot%/system32/config</command>.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='output'>
    <title>OUTPUT</title>
    <para>
      <!-- XXX: this should be a bit more formal -->
      <command>reglookup-recover</command> generates output in a
      comma-separated values (CSV)-like format and writes it to stdout. For
      more information on the syntax of the general format, see
      <command>reglookup(1)</command>.
    </para>
    <para>
      This tool is new and the output format, particularly the included columns,
      may change in future revisions. When this format stabilizes, additional
      documentation will be included here.
    </para>
  </refsect1>

  <refsect1 id='examples'>
    <title>EXAMPLES</title>
    <para>
      To dump the recoverable contents of a system registry hive:
    </para>
    <para>
      <screen>
        reglookup-recover /mnt/win/c/WINDOWS/system32/config/system
      </screen>
    </para>
    <para>
      Extract all available unallocated data, including unparsable unallocated
      space and the raw data associated with parsed cells in a user-specific
      registry:
    </para>
    <para>
      <screen>
        reglookup-recover -r -l '/mnt/win/c/Documents and Settings/user/NTUSER.DAT'
      </screen>
    </para>
  </refsect1>

  <refsect1 id='bugs'>
    <title>BUGS</title>
    <para>
      This program has been smoke-tested against most current Windows target
      platforms, but a comprehensive test suite has not yet been developed.
      (Please report results to the development mailing list if you encounter
      any bugs. Sample registry files and/or patches are greatly appreciated.)
    </para>
    <para>
      This program is new as of RegLookup release 0.9.0 and should be considered
      unstable.
    </para>
    <para>
      For more information on registry format details and the recovery
      algorithm, see:
      http://sentinelchicken.com/research/registry_format/
      http://sentinelchicken.com/research/registry_recovery/
    </para>
  </refsect1>

  <refsect1 id='credits'>
    <title>CREDITS</title>
    <para>
      This program was written by Timothy D. Morgan.
    </para>
  </refsect1>

  <refsect1 id='license'>
    <title>LICENSE</title>
    <para>
      Please see the file "LICENSE" included with this software
      distribution.
    </para>
    <para>
      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
      GNU General Public License version 3 for more details.
    </para>
  </refsect1>

  <refsect1 id='seealso'>
    <title>SEE ALSO</title>
    <para>
      reglookup-timeline(1) reglookup-recover(1)
    </para>
  </refsect1>
</refentry>