yaru is a platform independent Windows registry viewer. Inspired by the desire to look into the Windows registry metadata, so as to better forensically analyze the registry hives, yaru was designed with a portable and extensible architecture in mind so that it could be compiled to run on various operating systems. The registry parsing engine is written in standard C/C++ and has no dependencies on the Windows registry API functions.
The Windows version of yaru has the ability to take a snapshot of any of the active hives and examine the internal structure of the hive. Since the Windows operating system locks down the active hives from other processes reading them, yaru can resort to raw NTFS disk reads to read any of the desired hives. Consequently, this requires the user to run this tool with administrative privileges. While this approach adds complexity to yaru, it ensures that all metadata is available for analysis, as well as ensures there is no corruption or changes to the active hive during analysis.
Some other rudimentary functionality includes:
– Show allocated (but unused) key value data space.
– Show unallocated hive space.
– Able to traverse the hive slack space and enumerate deleted keys.
– Report generation capability.
– Optional logging capability that records the user selections along with data values into a separate XML file for later review.
– Ability to export any key in the hive under evaluation to a registration (.reg) file to be used for analysis.
– Ability to process any hive using user defined templates.
– Simple search capability: (a) key names, (b) value names, © date ranges, and (e) strings
– The ability to verify that all allocated chunks have valid links to the registry.
OS : Microsoft Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10
Language : English
Home Page – https://tzworks.net
Download uploaded
http://ul.to/ml14avyv
Download nitroflare
http://nitroflare.com/view/037F2F02AF0D4A4/YAR1573264.rar
Download 城通网盘
https://page88.ctfile.com/fs/S0C184405178
Download 百度云
https://pan.baidu.com/s/1miDL5iw