Re: [Libguestfs] hivexml - Flattened vs. Expanded XML

This would be very much dependent on the kind of processing desired; I can immediately see several XPath queries I might want to write which would be unwieldy to represent without the tree structure preserved. Flattening the document removes much of the utility of XML-based toolchains, while still paying a penalty in storage size and parser complexity; at that point, why not just export to the conventional .reg text format? On Fri, Mar 19, 2010 at 3:45 PM, Simson Garfinkel <simsong(a)acm.org&gt; wrote: All, Greetings. I am new to this mailing list. We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries. We are interested in hivexml as a tool for extracting the registry as an XML representation. In our discussion with possible users, we have generally come to the conclusion that it is useful to represent each XML key as a fully expanded path, rather than preserving the tree structure of the registry hive. Although this may seem verbose, it makes processing the data significantly easier. Is working with the hivexml system in a production environment? If so, do you have any thoughts on this matter? You can find an example of the digital forensics XML at: http://www.forensicswiki.org/wiki/Fiwalk Regards, Simson Garfinkel _______________________________________________ Libguestfs mailing list Libguestfs(a)redhat.com https://www.redhat.com/mailman/listinfo/libguestfs