This is the command reglookup-timeline that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
reglookup-timeline - Windows NT+ registry MTIME timeline generator
SYNOPSIS
reglookup-timeline [-H] registry-file [registry-file ...]
DESCRIPTION
This script is a wrapper for reglookup(1), and reads one or more registry files to produce
an MTIME-sorted output. This is helpful when building timelines for forensic
investigations.
PARAMETERS
reglookup-timeline accepts one or more registry file names. All of the provided registries
will be parsed using reglookup(1). The -H option may be used to omit the header line.
OUTPUT
reglookup-timeline generates a comma-separated values (CSV) compatible format to stdout.
While the output of reglookup-timeline and reglookup(1) differ in the columns returned,
the base format is the same.
Currently, reglookup-timeline returns three columns: MTIME, FILE, and PATH. Only rows
representing registry keys are returned, since MTIMEs are not stored for values. The FILE
column indicates which registry file (provided as an argument) the key came from. Finally,
the PATH field contains the full registry path to the key. Records are returned sorted in
ascending order based on the MTIME column.
Use reglookup-timeline online using onworks.net services
