Matt Churchhill (http://mattchurchill.net/2010/06/windowsripper/) has been doing some work to supercharge RegRipper. Take a look at his video and while watching, consider how this can affect your method to triage a computer when booted to WinFE...
2003 Hits
Recent Comments
Am I correct that once you assign a drive letter to the Volume you are going to be touching the Drive in WinFE?
Wednesday, 02 June 2010 10:30
If you set a volume to read only, the disk is written to (offset 0x417). If a disk is set to read only, it is not written to. So... Read More
Wednesday, 02 June 2010 11:09
Thanks for the link, Brett. I hadn't thought of putting this on WinFE before, but it's a great idea.
Wednesday, 02 June 2010 11:32
2003 Hits
