Operator On The Wire

hivelist

Lists the registry hives loaded in memory.

Usage

  • Is an expected hive missing?
  • Has an unexpected hive been loaded (injected)?

Commands

# List registry hives in memory (Vol2)  
vol.py -f <mem> --profile=<profile> hivelist  
  
# List registry hives (Vol3)  
python3 vol.py -f <mem> windows.registry.hivelist
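
The two Usage questions can be checked mechanically against saved hivelist output. The following is an added example, not part of the original page or of Volatility; it assumes tab-separated rows of offset and hive path, and the sample rows, `CORE_HIVES` and the path allowlist are constructed assumptions to tune per Windows build.

```python
# Added example: triage saved hivelist output for missing or unusual hives.
import re

# Core hives expected on a running Windows system, keyed by final path component.
CORE_HIVES = {"SYSTEM", "SOFTWARE", "SAM", "SECURITY", "DEFAULT", "HARDWARE"}

# Hive locations treated as normal (assumed allowlist, not exhaustive).
KNOWN_RE = [re.compile(p, re.IGNORECASE) for p in (
    r"^\\REGISTRY\\MACHINE\\(SYSTEM|HARDWARE)$",
    r"^\\SystemRoot\\System32\\Config\\[^\\]+$",
    r"^\\\?\?\\C:\\Users\\[^\\]+\\ntuser\.dat$",
    r"^\\\?\?\\C:\\Users\\[^\\]+\\AppData\\Local\\Microsoft\\Windows\\UsrClass\.dat$",
    r"^\\\?\?\\C:\\Windows\\ServiceProfiles\\[^\\]+\\NTUSER\.DAT$",
    r"^\\Device\\HarddiskVolume\d+\\Boot\\BCD$",
)]

def parse_hivelist(text):
    """Return (offset, path) pairs from tab-separated hivelist rows."""
    hives = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and fields[0].strip().startswith("0x"):
            hives.append((fields[0].strip(), fields[1].strip()))
    return hives

def triage(hives):
    """Return (missing core hive names, hives loaded from unlisted paths)."""
    names = {p.rsplit("\\", 1)[-1].upper() for _, p in hives if p}
    missing = sorted(CORE_HIVES - names)
    unusual = [(off, p) for off, p in hives
               if p and not any(r.match(p) for r in KNOWN_RE)]
    return missing, unusual

# Constructed sample output (not from a real memory image); SAM is left out.
SAMPLE = "\n".join([
    "Offset\tFileFullPath\tFile output",
    "0xf8a00000f010\t\tDisabled",
    "0xf8a000024010\t\\REGISTRY\\MACHINE\\SYSTEM\tDisabled",
    "0xf8a000053320\t\\REGISTRY\\MACHINE\\HARDWARE\tDisabled",
    "0xf8a0000f2010\t\\SystemRoot\\System32\\Config\\SOFTWARE\tDisabled",
    "0xf8a000109410\t\\SystemRoot\\System32\\Config\\DEFAULT\tDisabled",
    "0xf8a00010d010\t\\SystemRoot\\System32\\Config\\SECURITY\tDisabled",
    "0xf8a001e43010\t\\??\\C:\\Users\\analyst\\ntuser.dat\tDisabled",
    "0xf8a0020a1010\t\\??\\C:\\Users\\Public\\Downloads\\tmp.hiv\tDisabled",
])

if __name__ == "__main__":
    print(triage(parse_hivelist(SAMPLE)))
```

A path reported as unusual is only a lead for review; newer Windows builds load additional legitimate hives that this allowlist does not cover.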