Greetings. I am new to this list.

I am writing to you about hivexml. Richard Jones told me that he was considering abandoning this program. Instead, I am willing to take over maintenance of it.

I am involved in computer forensics. I am in the midst of developing an XML standard to describe the Windows Registry. There are several programs that export the Windows Registry as XML. I have listed them at:

http://www.forensicswiki.org/wiki/Windows_Registry_XML

The XML produced by hivexml is somewhat difficult to work with. It also has some problems in that it doesn't properly quote strings, and doesn't take into account other important information. I have come up with a new form and would like to modify hivexml to output and ingest the new form.

My question for this group:

1. Is anybody using hivexml?
2. Is it important to be able to read the old XML format?
3. We have had a hard time building hivexml on non-RedHat systems. Is there any objection to my making this a standalone program?

I look forward to hearing from the list.

Simson Garfinkel

On Sat, May 07, 2011 at 06:01:13PM -0400, Simson Garfinkel wrote:
> I am writing to you about hivexml. Richard Jones told me that he
> was considering abandoning this program. Instead, I am willing to
> take over maintenance of it.

Not sure "abandoning", but I said that the format is broken, the program is broken, and I'd like to deprecate both.

> 1. Is anybody using hivexml?

[speaking for me] No. The regedit format is what we're not using in all the upstream and RHEL tools.

> 2. Is it important to be able to read the old XML format?

[speaking for me] no

> 3. We have had a hard time building hivexml on non-RedHat
> systems. Is there any objection to my making this a standalone
> program?

Go ahead. I would suggest (just to avoid confusion) you call your program something else instead of 'hivexml'.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

Simson, et al,

> The XML produced by hivexml is somewhat difficult to work with. It also has
> some problems in that it doesn't properly quote strings, and doesn't take
> into account other important information. I have come up with a new form and
> would like to modify hivexml to output and ingest the new form.
> My question for this group:
> 1. Is anybody using hivexml?
> 2. Is it important to be able to read the old XML format?
> 3. We have had a hard time building hivexml on non-RedHat systems. Is there
> any objection to my making this a standalone program?

Are you going to just work on the xml portion of hivex, or all of it? I've got some suggestions on making (at least) the python bindings easier to use for forensics scripts. And having the xml generation in Python would be great.

Elizabeth