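/// <summary>
/// Builds a <see cref="Timezone"/> description from an offline SYSTEM registry hive.
/// </summary>
/// <param name="hivePath">Path of the hive file to read.</param>
/// <returns>
/// A <see cref="Timezone"/> whose first field is the TimeZoneKeyName value stored in the hive.
/// The remaining three fields come from <see cref="TimeZone.CurrentTimeZone"/>, i.e. from the
/// machine running this code, not from the hive.
/// </returns>
/// <exception cref="ArgumentException">
/// The path reported by the hive header does not contain "SYSTEM" (compared case-insensitively).
/// </exception>
public static Timezone Get(string hivePath)
{
    // Windows file names are case-insensitive, so an exported hive named "system" or "System"
    // must be accepted as well. This is a name check only; it does not prove that the file
    // really is a SYSTEM hive.
    string reportedPath = RegistryHeader.Get(hivePath).HivePath;
    if (reportedPath.IndexOf("SYSTEM", StringComparison.OrdinalIgnoreCase) < 0)
    {
        // ArgumentException derives from Exception, so existing catch blocks keep working.
        // The single-argument constructor keeps the message text exactly as before.
        throw new ArgumentException("Invalid SYSTEM hive provided to -HivePath parameter.");
    }

    // NOTE(review): ControlSet001 is hard-coded. The Select key is not consulted here, so on a
    // hive whose active control set is not 001 this may read a stale value - confirm.
    ValueKey vk = ValueKey.Get(hivePath, @"ControlSet001\Control\TimeZoneInformation", "TimeZoneKeyName");

    // The value data is decoded as UTF-16LE. Cut at the first NUL so that the terminator, and
    // any bytes left in the buffer after it, do not end up in the reported name.
    // NOTE(review): assumes GetData() returns the raw value bytes including the terminator - confirm.
    string keyName = System.Text.Encoding.Unicode.GetString(vk.GetData());
    int terminator = keyName.IndexOf('\0');
    if (terminator >= 0)
    {
        keyName = keyName.Substring(0, terminator);
    }

    // NOTE(review): the names and the DST flag below describe the analysis workstation's
    // timezone, evaluated at DateTime.Now. They are not evidence from the examined system
    // and should not be reported as such.
    TimeZone tz = TimeZone.CurrentTimeZone;
    return new Timezone(keyName, tz.StandardName, tz.DaylightName, tz.IsDaylightSavingTime(DateTime.Now));
}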
/// <summary>
/// Parses the hive header and derives <c>HiveType</c> from the file name embedded in it.
/// </summary>
/// <remarks>
/// The embedded file name is data taken from the hive file itself, so <c>HiveType</c> reflects
/// what the file claims to be rather than a verified property. A renamed or tampered hive can
/// report any of the known names. Names that match none of them map to <c>HiveTypeEnum.Other</c>.
/// </remarks>
private void Initialize()
{
    // Offset 0, length 4096 - presumably the hive's base block; see ReadBytesFromHive.
    var rawHeader = ReadBytesFromHive(0, 4096);

    Logger.Debug("Getting header");
    Header = new RegistryHeader(rawHeader);
    Logger.Debug("Got header. Embedded file name {0}", Header.FileName);

    // Only the last path component is compared, lower-cased with the invariant culture.
    var embeddedName = Path.GetFileName(Header.FileName).ToLowerInvariant();

    if (embeddedName == "ntuser.dat")
    {
        HiveType = HiveTypeEnum.NtUser;
    }
    else if (embeddedName == "sam")
    {
        HiveType = HiveTypeEnum.Sam;
    }
    else if (embeddedName == "security")
    {
        HiveType = HiveTypeEnum.Security;
    }
    else if (embeddedName == "software")
    {
        HiveType = HiveTypeEnum.Software;
    }
    else if (embeddedName == "system")
    {
        HiveType = HiveTypeEnum.System;
    }
    else if (embeddedName == "drivers")
    {
        HiveType = HiveTypeEnum.Drivers;
    }
    else if (embeddedName == "usrclass.dat")
    {
        HiveType = HiveTypeEnum.UsrClass;
    }
    else if (embeddedName == "components")
    {
        HiveType = HiveTypeEnum.Components;
    }
    else if (embeddedName == "bcd")
    {
        HiveType = HiveTypeEnum.Bcd;
    }
    else
    {
        // Unrecognised embedded name: not an error, just an unclassified hive.
        HiveType = HiveTypeEnum.Other;
    }

    Logger.Debug($"Hive is a {HiveType} hive");
    Logger.Debug($"Hive version is {Header.MajorVersion}.{Header.MinorVersion}");
}