source: trunk/doc/reglookup-recover.1.docbook @ 119

Last change on this file since 119 was 119, checked in by tim, 16 years ago

adding reglookup-recover man page

1<?xml version="1.0" encoding="UTF-8"?>
2<refentry id='reglookup-recover.1'>
3  <!--  $Id: reglookup-recover.1.docbook 119 2008-08-09 05:55:45Z tim $ -->
4  <refmeta>
5    <refentrytitle>reglookup-recover</refentrytitle>
6    <manvolnum>1</manvolnum>
7    <refmiscinfo class="sectdesc">File Conversion Utilities</refmiscinfo>
8  </refmeta>
9  <refnamediv id='name'>
10    <refname>reglookup-recover</refname>
11    <refpurpose>Windows NT+ registry deleted data recovery tool</refpurpose>
12  </refnamediv>
13
14  <refsect1 id='synopsis'>
15    <title>SYNOPSIS</title>
16    <para>
17      <command>
18        reglookup-recover [options] <replaceable>registry-file</replaceable>
19      </command>
20    </para>
21  </refsect1>
22
23  <refsect1 id='description'>
24    <title>DESCRIPTION</title>
25    <para>
26        reglookup-recover attempts to scour a Windows registry hive for
27        deleted data structures and prints those it finds to stdout in a
28        CSV-like format.
29    </para>
30  </refsect1>
31
32  <refsect1 id='options'>
33    <title>OPTIONS</title>
34    <para>
35      <command>reglookup-recover</command> accepts the following parameters:
36    </para>
37
38    <variablelist remap='IP'>
39      <varlistentry>
40        <term>
41          <option>-v</option>
42        </term>
43        <listitem>
44          <para>
45            Verbose output. (Currently does little to nothing.)
46          </para>
47        </listitem>
48      </varlistentry>
49    </variablelist>
50
51    <variablelist remap='IP'>
52      <varlistentry>
53        <term>
54          <option>-h</option>
55        </term>
56        <listitem>
57          <para>
58            Enables the printing of a column header row. (default)
59          </para>
60        </listitem>
61      </varlistentry>
62    </variablelist>
63
64    <variablelist remap='IP'>
65      <varlistentry>
66        <term>
67          <option>-H</option>
68        </term>
69        <listitem>
70          <para>
71            Disables the printing of a column header row.
72          </para>
73        </listitem>
74      </varlistentry>
75    </variablelist>
76
77    <variablelist remap='IP'>
78      <varlistentry>
79        <term>
80          <option>-l</option>
81        </term>
82        <listitem>
83          <para>
84            Display cells which could not be interpreted as valid
85            registry structures at the end of the output.
86          </para>
87        </listitem>
88      </varlistentry>
89    </variablelist>
90
91    <variablelist remap='IP'>
92      <varlistentry>
93        <term>
94          <option>-L</option>
95        </term>
96        <listitem>
97          <para>
98            Do not display cells which could not be interpreted as valid
99            registry structures.  This is the default behavior.
100          </para>
101        </listitem>
102      </varlistentry>
103    </variablelist>
104
105    <variablelist remap='IP'>
106      <varlistentry>
107        <term>
108          <option>-r</option>
109        </term>
110        <listitem>
111          <para>
112            Display raw cell contents for cells which were interpreted as intact
113            data structures.  This additional output will appear on the same
114            line as the interpreted data.
115          </para>
116        </listitem>
117      </varlistentry>
118    </variablelist>
119
120    <variablelist remap='IP'>
121      <varlistentry>
122        <term>
123          <option>-R</option>
124        </term>
125        <listitem>
126          <para>
127            Do not display raw cell contents for cells which were interpreted
128            as intact data structures.  This is the default behavior.
129          </para>
130        </listitem>
131      </varlistentry>
132    </variablelist>
133
134    <variablelist remap='IP'>
135      <varlistentry>
136        <term>
137          <option><replaceable>registry-file</replaceable></option>
138        </term>
139        <listitem>
140          <para>
141            Required argument.  Specifies the location of the
142            registry file to read.  The system registry files should be
143            found under:
144            <command>%SystemRoot%/system32/config</command>.
145          </para>
146        </listitem>
147      </varlistentry>
148    </variablelist>
149  </refsect1>
150
151  <refsect1 id='output'>
152    <title>OUTPUT</title>
153    <para>
154      <!-- XXX: this should be a bit more formal -->
155      <command>reglookup-recover</command> generates CSV-like (comma-separated
156      values) output and writes it to stdout.  For more information on the
157      syntax of the general format, see <command>reglookup(1)</command>.
158    </para>
159    <para>
160      This tool is new and the output format, particularly the included columns,
161      may change in future revisions.  When this format stabilizes, additional
162      documentation will be included here.
163    </para>
164  </refsect1>
165
166  <refsect1 id='examples'>
167    <title>EXAMPLES</title>
168    <para>
169      To dump the recoverable contents of a system registry hive:
170    </para>
171    <para>
172      <screen>
173        reglookup-recover /mnt/win/c/WINDOWS/system32/config/system
174      </screen>
175    </para>
176    <para>
177      Extract all available unallocated data, including unparsable unallocated
178      space and the raw data associated with parsed cells in a user-specific
179      registry:
180    </para>
181    <para>
182      <screen>
183        reglookup-recover -r -l '/mnt/win/c/Documents and Settings/user/NTUSER.DAT'
184      </screen>
185    </para>
186  </refsect1>
187
188  <refsect1 id='bugs'>
189    <title>BUGS</title>
190    <para>
191      This program has been smoke-tested against most current Windows target
192      platforms, but a comprehensive test suite has not yet been developed.
193      (Please report results to the development mailing list if you encounter
194       any bugs.  Sample registry files and/or patches are greatly appreciated.)
195    </para>
196    <para>
197      This program is new as of RegLookup release 0.9.0 and should be considered
198      unstable.
199    </para>
200    <para>
201      For more information on registry format details and the recovery
202      algorithm, see:
203        http://sentinelchicken.com/research/registry_format/
204        http://sentinelchicken.com/research/registry_recovery/
205    </para>
206  </refsect1>
207
208  <refsect1 id='credits'>
209    <title>CREDITS</title>
210    <para>
211      This program was written by Timothy D. Morgan.
212    </para>
213  </refsect1>
214
215  <refsect1 id='license'>
216    <title>LICENSE</title>
217    <para>
218      Please see the file "LICENSE" included with this software
219      distribution.
220    </para>
221    <para>     
222      This program is distributed in the hope that it will be useful,
223      but WITHOUT ANY WARRANTY; without even the implied warranty of
224      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
225      GNU General Public License version 3 for more details.
226    </para>
227  </refsect1>
228
229  <refsect1 id='seealso'>
230    <title>SEE ALSO</title>
231    <para>
232      reglookup(1) reglookup-timeline(1)
233    </para>
234  </refsect1>
235</refentry>