1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
/*
** The Sleuth Kit
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2010-2019 Brian Carrier. All Rights reserved
**
** This software is distributed under the Common Public License 1.0
**
*/
/**
* \file RegistryLoader.h
* Contains the class definitions for Registry Loader.
*/
#pragma once
#include "RegParser.h"
#include "RegFileInfo.h"
class RegistryLoader {
public:
RegistryLoader();
~RegistryLoader();
RegFileInfo *getSAMHive();
RegFileInfo *getSystemHive();
RegFileInfo *getSoftwareHive();
RegFileInfo *getSecurityHive();
std::list<RegFileInfo *>getUsrClassHives();
std::list<RegFileInfo *>getNtUserHives();
static RegistryLoader &getInstance()
{
static RegistryLoader instance;
return instance;
}
void freeHives();
private:
bool m_sysHivesLoaded = false;
bool m_userHivesLoaded = false;
std::list<RegFileInfo *> m_regSystemFiles;
std::list<RegFileInfo *> m_regNtUserFiles;
std::list<RegFileInfo *> m_regUsrClassFiles;
int findUsrClassRegFile(TSK_FS_INFO *a_fs_info, const std::string &aUserDirPathName);
int findNTUserRegFilesInDir(TSK_FS_INFO *a_fs_info, TSK_INUM_T a_dir_inum, const std::string &a_path, const std::string &aUserDirName);
int findUserRegFiles(TSK_FS_INFO *a_fs_info, const std::string &a_starting_dir);
int findUserRegFiles(TSK_FS_INFO *a_fs_info);
int findSystemRegFiles(TSK_FS_INFO *a_fs_info);
void loadSystemHives();
void loadUserHives();
};
|
