Sunday, October 28, 2012

Introducing volatile_reader

Today I decided I was going to write a small offline registry reader in C# using GTK for the UI. I also intend to add both evt and evtx support, but those will come later.

In order to read the hives, I wrote a small library included with the utility called VolatileReader.Registry. It is super fast and efficient: it uses a BinaryReader to seek around and read the hive on demand rather than reading the whole hive into memory and then parsing it. All you must do is pass the constructor of RegistryHive the path to your hive:


RegistryHive hive = new RegistryHive(file); // file is the path to the offline hive
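As an added illustration of the seek-and-read approach described above (example code written for this page in Python, not code from volatile_reader or its VolatileReader.Registry library), here is a small reader that walks a regf base block and its root nk record with seek and struct calls instead of loading the whole file. The hive image it parses is constructed inline and is not a real Windows hive; the offsets are the documented regf layout, and the names regf_checksum, build_sample_hive, HiveReader and describe_bytes are this example's own. It also performs the checks a forensic reader wants before trusting a hive: the header checksum, the primary/secondary sequence numbers (unequal means the last write never completed and the transaction logs still need replaying), and a bounds check so a corrupt name length cannot read past its cell.

```python
import io
import struct

BASE_BLOCK_SIZE = 0x1000   # the regf base block is 4096 bytes; hive bins start right after it
NK_NAME_OFFSET = 0x4C      # the key name begins 76 bytes into an nk record
KEY_COMP_NAME = 0x20       # nk flag: name stored as 8-bit characters rather than UTF-16LE


def regf_checksum(header):
    """XOR of the first 0x1FC bytes as little-endian DWORDs; Windows remaps the
    two reserved results (0 -> 1, 0xFFFFFFFF -> 0xFFFFFFFE)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:0x1FC]):
        csum ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)


def build_sample_hive():
    """Constructed sample (not a real hive): a base block followed by one hive
    bin holding a single allocated cell that contains the root nk record."""
    name = b"ROOT"
    nk = bytearray(NK_NAME_OFFSET + len(name))
    nk[0:2] = b"nk"
    struct.pack_into("<H", nk, 0x02, 0x2C)          # KEY_HIVE_ENTRY | KEY_NO_DELETE | KEY_COMP_NAME
    struct.pack_into("<I", nk, 0x10, 0xFFFFFFFF)    # parent: none (root)
    struct.pack_into("<I", nk, 0x1C, 0xFFFFFFFF)    # subkey list: none
    struct.pack_into("<I", nk, 0x28, 0xFFFFFFFF)    # value list: none
    struct.pack_into("<H", nk, 0x48, len(name))     # key name length
    nk[NK_NAME_OFFSET:] = name
    cell_size = (4 + len(nk) + 7) & ~7              # cells are 8-byte aligned
    cell = struct.pack("<i", -cell_size) + bytes(nk).ljust(cell_size - 4, b"\0")  # negative size = allocated

    root_cell_offset = 0x20                         # relative to the start of the hive bins data
    hbin = bytearray(0x1000)
    hbin[0:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, len(hbin))  # this bin's offset in the bins data, bin size
    hbin[root_cell_offset:root_cell_offset + len(cell)] = cell

    base = bytearray(BASE_BLOCK_SIZE)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 0x04, 7, 7)       # primary / secondary sequence numbers
    struct.pack_into("<II", base, 0x14, 1, 5)       # major 1, minor 5
    struct.pack_into("<II", base, 0x24, root_cell_offset, len(hbin))
    base[0x30:0x30 + 22] = "CONSTRUCTED".encode("utf-16-le")
    struct.pack_into("<I", base, 0x1FC, regf_checksum(base))
    return bytes(base) + bytes(hbin)


class HiveReader:
    """Seeks to each structure and reads only the bytes it needs, mirroring the
    post's BinaryReader approach instead of loading the whole file into memory."""

    def __init__(self, stream):
        self.f = stream

    def _read(self, offset, fmt):
        self.f.seek(offset)
        data = self.f.read(struct.calcsize(fmt))
        if len(data) != struct.calcsize(fmt):
            raise ValueError("truncated hive at offset 0x%x" % offset)
        return struct.unpack(fmt, data)

    def base_block(self):
        sig, seq1, seq2, _ts, major, minor = self._read(0, "<4sIIQII")
        if sig != b"regf":
            raise ValueError("not a regf hive")
        root_off, bins_size = self._read(0x24, "<II")
        raw_name = self._read(0x30, "<64s")[0]
        stored = self._read(0x1FC, "<I")[0]
        self.f.seek(0)
        computed = regf_checksum(self.f.read(0x1FC))
        return {
            "major": major, "minor": minor,
            "root_cell_offset": root_off, "bins_size": bins_size,
            "name": raw_name.decode("utf-16-le").split("\0", 1)[0],
            "checksum_ok": stored == computed,
            "dirty": seq1 != seq2,   # last write incomplete; logs must be replayed first
        }

    def root_key_name(self):
        bb = self.base_block()
        if self._read(BASE_BLOCK_SIZE, "<4s")[0] != b"hbin":
            raise ValueError("first hive bin has a bad signature")
        cell_off = BASE_BLOCK_SIZE + bb["root_cell_offset"]
        (cell_size,) = self._read(cell_off, "<i")
        if cell_size >= 0:
            raise ValueError("root cell is not allocated")
        nk_off = cell_off + 4
        sig, flags = self._read(nk_off, "<2sH")
        if sig != b"nk":
            raise ValueError("root cell is not an nk record")
        (name_len,) = self._read(nk_off + 0x48, "<H")
        if NK_NAME_OFFSET + name_len > -cell_size - 4:   # never read past the cell
            raise ValueError("key name length exceeds its cell")
        (raw,) = self._read(nk_off + NK_NAME_OFFSET, "<%ds" % name_len)
        return raw.decode("latin-1") if flags & KEY_COMP_NAME else raw.decode("utf-16-le")


def describe_bytes(data):
    """Parse an in-memory hive image; the same reader works on an open file object."""
    reader = HiveReader(io.BytesIO(data))
    info = reader.base_block()
    info["root"] = reader.root_key_name()
    return info
```

Because the reader only ever calls seek and read on the stream, pointing it at `open(path, "rb")` parses a hive of any size without holding it in memory, which is the property the post's BinaryReader design is after.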

You can check out the code here: https://github.com/brandonprry/volatile_reader
