Volatality Cheatsheet (2 and 3, but mostly 3)

Good reference: https://andreafortuna.org/2017/07/31/volatility-my-own-cheatsheet-part-6-windows-registry/

Dump registry⌗

• vol2 -f voltest.dmp –profile=Win7SP1x86 dumpregistry -D output_dir

• vol3 -f voltest.dmp -o output_dir windows.registry.hivelist –dump