def parse_registry(hive, disk=None):
    """Parse a registry hive and return its keys as a dictionary.

    When *disk* is given, *hive* is looked up inside that disk through
    FileSystem and extract_registry(); otherwise *hive* is handed straight
    to RegistryHive.

        {"RootKey\\Key\\...": (("ValueKey", "ValueType", ValueValue), ... )}

    """
    if disk is None:
        registry = RegistryHive(hive)
    else:
        with FileSystem(disk) as guest_fs:
            registry = extract_registry(guest_fs, hive)

    # Root key name comes from registry_root() applied to the hive path.
    registry.rootkey = registry_root(hive)

    # NOTE(review): everything returned here is read from the hive itself,
    # i.e. from the inspected system; callers should treat it as untrusted.
    return dict(registry.keys())
def parse_registry(hive, disk=None, sort=False):
    """Parse a registry hive into a mapping of key path to key data.

    When *disk* is given, *hive* is looked up inside that disk through
    FileSystem and extract_registry(); otherwise *hive* is handed straight
    to RegistryHive.

        {"RootKey\\Key\\...": (timestamp, values)}

    With *sort* set, the result is an OrderedDict whose entries follow
    ascending key timestamp; otherwise a plain dict is returned.

    """
    if disk is None:
        registry = RegistryHive(hive)
    else:
        with FileSystem(disk) as guest_fs:
            registry = extract_registry(guest_fs, hive)

    # Root key name comes from registry_root() applied to the hive path.
    registry.rootkey = registry_root(hive)

    if not sort:
        return {
            key.path: (key.timestamp, key.values)
            for key in registry.keys()
        }

    # NOTE(review): the ordering relies on timestamps stored in the hive.
    # They are evidence taken from the inspected system, not a trusted clock,
    # so a timeline built from them should be corroborated elsewhere.
    by_time = sorted(registry.keys(), key=lambda key: key.timestamp)

    return OrderedDict(
        (key.path, (key.timestamp, key.values)) for key in by_time)
def parse_registries(filesystem, registries):
    """Return one dictionary with the content of the given registry hives.

    Each path in *registries* is downloaded from *filesystem* into a
    temporary file and parsed with RegistryHive.

        {"\\Registry\\Key\\": (("ValueKey", "ValueType", ValueValue), ...)}

    Hives are merged in iteration order: if two hives yield the same key
    path, the later one replaces the earlier entry.

    """
    merged = {}

    for hive_path in registries:
        # Keep every read of the hive inside the `with`: the temporary copy
        # is deleted as soon as the block exits.
        with NamedTemporaryFile(buffering=0) as hive_copy:
            filesystem.download(hive_path, hive_copy.name)

            hive = RegistryHive(hive_copy.name)
            hive.rootkey = registry_root(hive_path)

            # NOTE(review): hive content comes from the inspected
            # filesystem; treat the parsed keys as untrusted data.
            hive_keys = dict(hive.keys())
            merged.update(hive_keys)

    return merged
def parse_registries(filesystem, registries):
    """Return one dictionary with the content of the given registry hives.

    Each path in *registries* is downloaded from *filesystem* into a
    temporary file and parsed with RegistryHive.

        {"\\Registry\\Key\\...": (timestamp, values)}

    Hives are merged in iteration order: if two hives yield the same key
    path, the later one replaces the earlier entry.

    """
    merged = {}

    for hive_path in registries:
        # Keep every read of the hive inside the `with`: the temporary copy
        # is deleted as soon as the block exits.
        with NamedTemporaryFile(buffering=0) as hive_copy:
            filesystem.download(hive_path, hive_copy.name)

            hive = RegistryHive(hive_copy.name)
            hive.rootkey = registry_root(hive_path)

            # NOTE(review): paths, timestamps and values all come from the
            # inspected filesystem; treat them as untrusted data.
            hive_keys = {
                key.path: (key.timestamp, key.values)
                for key in hive.keys()
            }
            merged.update(hive_keys)

    return merged