Registry Viewer Plugin
This is a self-installing viewer for Windows Registry-hive files. Once installed, it is invoked using the CTRL+SHIFT+Y keyboard shortcut.
The viewer allows the examiner to interpret long-integer (QWORD) and 8-byte binary values as Windows FILETIME timestamps.
Binary data can also rendered as ANSI/ASCII characters. Any non-ANSI/ASCII character will be rendered as a centre-dot (·) character.
If both of the above options are chosen, 8-byte binary values will be decoded as timestamps only.
Output is by way of data bookmarks.
YOU MAY ALSO LIKE