[Libguestfs] hivexml - Flattened vs. Expanded XML
Charles Duffy
charles at dyfis.net
Fri Mar 19 21:34:58 UTC 2010
This would be very much dependent on the kind of processing desired; I can
immediately see several XPath queries I might want to write which would be
unwieldy to represent without the tree structure preserved.
Flattening the document removes much of the utility of XML-based toolchains,
while still paying a penalty in storage size and parser complexity; at that
point, why not just export to the conventional .reg text format?
On Fri, Mar 19, 2010 at 3:45 PM, Simson Garfinkel <simsong at acm.org> wrote:
> All,
>
> Greetings. I am new to this mailing list.
>
> We have been working with XML for digital forensics. One of the areas that
> we wish to create a schema for is the representation of registry entries.
>
> We are interested in hivexml as a tool for extracting the registry as an
> XML representation.
>
> In our discussion with possible users, we have generally come to the
> conclusion that it is useful to represent each XML key as a fully expanded
> path, rather than preserving the tree structure of the registry hive.
> Although this may seem verbose, it makes processing the data significantly
> easier.
>
> Is working with the hivexml system in a production environment? If so, do
> you have any thoughts on this matter?
>
> You can find an example of the digital forensics XML at:
> http://www.forensicswiki.org/wiki/Fiwalk
>
> Regards,
>
> Simson Garfinkel
>
>
> _______________________________________________
> Libguestfs mailing list
> Libguestfs at redhat.com
> https://www.redhat.com/mailman/listinfo/libguestfs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20100319/7f51a84e/attachment.htm>
More information about the Libguestfs
mailing list