source: trunk/doc/reglookup-recover.1.docbook @ 295

Last change on this file since 295 was 264, checked in by tim, 13 years ago

man page updates

  • Property svn:keywords set to Id
File size: 6.3 KB
1<?xml version="1.0" encoding="UTF-8"?>
2<refentry id='reglookup-recover.1'>
3  <!--  $Id: reglookup-recover.1.docbook 264 2011-06-20 01:13:35Z tim $ -->
4  <refmeta>
5    <refentrytitle>reglookup</refentrytitle>
6    <manvolnum>1</manvolnum>
7    <refmiscinfo class="sectdesc">File Conversion Utilities</refmiscinfo>
8  </refmeta>
9  <refnamediv id='name'>
10    <refname>reglookup-recover</refname>
11    <refpurpose>Windows NT+ registry deleted data recovery tool</refpurpose>
12  </refnamediv>
13
14  <refsect1 id='synopsis'>
15    <title>SYNOPSIS</title>
16    <para>
17      <command>
18        reglookup-recover [options] <replaceable>registry-file</replaceable>
19      </command>
20    </para>
21  </refsect1>
22
23  <refsect1 id='description'>
24    <title>DESCRIPTION</title>
25    <para>
26        reglookup-recover attempts to scour a Windows registry hive for
27        deleted data structures and outputs those found in a CSV-like format.
28    </para>
29  </refsect1>
30
31  <refsect1 id='options'>
32    <title>OPTIONS</title>
33    <para>
34      <command>reglookup-recover</command> accepts the following parameters:
35    </para>
36
37    <variablelist remap='IP'>
38      <varlistentry>
39        <term>
40          <option>-v</option>
41        </term>
42        <listitem>
43          <para>
44            Verbose output.
45          </para>
46        </listitem>
47      </varlistentry>
48    </variablelist>
49
50    <variablelist remap='IP'>
51      <varlistentry>
52        <term>
53          <option>-h</option>
54        </term>
55        <listitem>
56          <para>
57            Enables the printing of a column header row. (default)
58          </para>
59        </listitem>
60      </varlistentry>
61    </variablelist>
62
63    <variablelist remap='IP'>
64      <varlistentry>
65        <term>
66          <option>-H</option>
67        </term>
68        <listitem>
69          <para>
70            Disables the printing of a column header row.
71          </para>
72        </listitem>
73      </varlistentry>
74    </variablelist>
75
76    <variablelist remap='IP'>
77      <varlistentry>
78        <term>
79          <option>-l</option>
80        </term>
81        <listitem>
82          <para>
83            Display cells which could not be interpreted as valid
84            registry structures at the end of the output.
85          </para>
86        </listitem>
87      </varlistentry>
88    </variablelist>
89
90    <variablelist remap='IP'>
91      <varlistentry>
92        <term>
93          <option>-L</option>
94        </term>
95        <listitem>
96          <para>
97            Do not display cells which could not be interpreted as valid
98            registry structures.  This is the default behavior.
99          </para>
100        </listitem>
101      </varlistentry>
102    </variablelist>
103
104    <variablelist remap='IP'>
105      <varlistentry>
106        <term>
107          <option>-r</option>
108        </term>
109        <listitem>
110          <para>
111            Display raw cell contents for cells which were interpreted as intact
112            data structures.  This additional output will appear on the same
113            line as the interpreted data.
114          </para>
115        </listitem>
116      </varlistentry>
117    </variablelist>
118
119    <variablelist remap='IP'>
120      <varlistentry>
121        <term>
122          <option>-R</option>
123        </term>
124        <listitem>
125          <para>
126            Do not display raw cell contents for cells which were interpreted
127            as intact data structures.  This is the default behavior.
128          </para>
129        </listitem>
130      </varlistentry>
131    </variablelist>
132
133    <variablelist remap='IP'>
134      <varlistentry>
135        <term>
136          <option><replaceable>registry-file</replaceable></option>
137        </term>
138        <listitem>
139          <para>
140            Required argument.  Specifies the location of the
141            registry file to read.  The system registry files should be
142            found under:
143            <command>%SystemRoot%/system32/config</command>.
144          </para>
145        </listitem>
146      </varlistentry>
147    </variablelist>
148  </refsect1>
149
150  <refsect1 id='output'>
151    <title>OUTPUT</title>
152    <para>
153      <!-- XXX: this should be a bit more formal -->
154      <command>reglookup-recover</command> generates output in a comma-separated
155      values (CSV)-like format and writes it to stdout. For more information on
156      the syntax of the general format, see <command>reglookup(1)</command>.
157    </para>
158    <para>
159      This tool is new and the output format, particularly the included columns,
160      may change in future revisions.  When this format stabilizes, additional
161      documentation will be included here.
162    </para>
163  </refsect1>
164
165  <refsect1 id='examples'>
166    <title>EXAMPLES</title>
167    <para>
168      To dump the recoverable contents of a system registry hive:
169    </para>
170    <para>
171      <screen>
172        reglookup-recover /mnt/win/c/WINDOWS/system32/config/system
173      </screen>
174    </para>
175    <para>
176      Extract all available unallocated data, including unparsable unallocated
177      space and the raw data associated with parsed cells in a user-specific
178      registry:
179    </para>
180    <para>
181      <screen>
182        reglookup-recover -r -l '/mnt/win/c/Documents and Settings/user/NTUSER.DAT'
183      </screen>
184    </para>
185  </refsect1>
186
187  <refsect1 id='bugs'>
188    <title>BUGS</title>
189    <para>
190      This program has been smoke-tested against most current Windows target
191      platforms, but a comprehensive test suite has not yet been developed.
192      (Please report results to the development mailing list if you encounter
193       any bugs.  Sample registry files and/or patches are greatly appreciated.)
194    </para>
195    <para>
196      This program is new as of RegLookup release 0.9.0 and should be considered
197      unstable.
198    </para>
199    <para>
200      For more information on registry format details and the recovery
201      algorithm, see:
202    </para>
203    <para>
204        http://sentinelchicken.com/research/registry_format/
205        http://sentinelchicken.com/research/registry_recovery/
206    </para>
207  </refsect1>
208
209  <refsect1 id='credits'>
210    <title>CREDITS</title>
211    <para>
212      This program was written by Timothy D. Morgan.
213    </para>
214  </refsect1>
215
216  <refsect1 id='license'>
217    <title>LICENSE</title>
218    <para>
219      Please see the file "LICENSE" included with this software
220      distribution.
221    </para>
222    <para>     
223      This program is distributed in the hope that it will be useful,
224      but WITHOUT ANY WARRANTY; without even the implied warranty of
225      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
226      GNU General Public License version 3 for more details.
227    </para>
228  </refsect1>
229
230  <refsect1 id='seealso'>
231    <title>SEE ALSO</title>
232    <para>
233      reglookup-timeline(1) reglookup-recover(1)
234    </para>
235  </refsect1>
236</refentry>