public void ShouldFind4HitsForBinaryDataInValueDataWithRegEx()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var hits = usrClass1.FindInValueData("04-00-EF-BE", true).ToList();
Check.That(hits.Count).IsEqualTo(56);
hits = usrClass1.FindInValueData("47-4F-4F-4E", true).ToList();
Check.That(hits.Count).IsEqualTo(4);
hits = usrClass1.FindInValueData("44-65-62", true).ToList(); //finds deb
Check.That(hits.Count).IsEqualTo(2);
hits = usrClass1.FindInValueData("44-65-73", true).ToList(); //finds des
Check.That(hits.Count).IsEqualTo(1);
hits = usrClass1.FindInValueData("44-65-(62|73)", true).ToList(); //finds deb or des
Check.That(hits.Count).IsEqualTo(3);
}
public void ShouldFind4HitsForBingXInValueDataWithRegEx()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var hits = usrClass1.FindInValueData("URL:bing[mhs]", true).ToList();
Check.That(hits.Count).IsEqualTo(3);
hits = usrClass1.FindInValueData("URL:bing[mhts]", true).ToList();
Check.That(hits.Count).IsEqualTo(4);
}
public void ShouldFind4HitsForBinaryDataInValueData()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var hits = usrClass1.FindInValueData("43-74-53-83-24-55-30").ToList();
Check.That(hits.Count).IsEqualTo(6);
hits = usrClass1.FindInValueData("DeB").ToList();
Check.That(hits.Count).IsEqualTo(28);
}
public void ShouldFind4HitsForPostboxUrlInValueData()
{
var usrClass1 = new RegistryHive(@"..\..\..\Hives\UsrClass 1.dat");
usrClass1.RecoverDeleted = true;
usrClass1.FlushRecordListsAfterParse = false;
usrClass1.ParseHive();
var hits = usrClass1.FindInValueData("Postbox URL").ToList();
Check.That(hits.Count).IsEqualTo(4);
}