Re: [Libguestfs] hivexml - Flattened vs. Expanded XML
This would be very much dependent on the kind of processing desired; I can
immediately see several XPath queries I might want to write which would be
unwieldy to represent without the tree structure preserved.
Flattening the document removes much of the utility of XML-based toolchains,
while still paying a penalty in storage size and parser complexity; at that
point, why not just export to the conventional .reg text format?
On Fri, Mar 19, 2010 at 3:45 PM, Simson Garfinkel <simsong(a)acm.org> wrote:
All,
Greetings. I am new to this mailing list.
We have been working with XML for digital forensics. One of the areas that
we wish to create a schema for is the representation of registry entries.
We are interested in hivexml as a tool for extracting the registry as an
XML representation.
In our discussion with possible users, we have generally come to the
conclusion that it is useful to represent each XML key as a fully expanded
path, rather than preserving the tree structure of the registry hive.
Although this may seem verbose, it makes processing the data significantly
easier.
Is working with the hivexml system in a production environment? If so, do
you have any thoughts on this matter?
You can find an example of the digital forensics XML at:
http://www.forensicswiki.org/wiki/Fiwalk
Regards,
Simson Garfinkel
_______________________________________________
Libguestfs mailing list
Libguestfs(a)redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs
Attachments:
- attachment.html (text/html — 2.0 KB)