Hello All!!!
I am a new member looking for some assistance in terms of using Kali Linux to parse a dd image of a Windows computer for Windows registry info and extract relevant info.
I am working on a project of creating a tutorial for new Digital Forensics students to learn the subject, specifically in Kali Linux. Basically, we are using the NIST CFReDS Data Leakage example to create a PowerPoint containing slides with screenshots of the process of finding the answers in Kali Linux along with instructions and helpful hints. I have the answers (https://www.cfreds.nist.gov/data_leakage_case/leakage-answers.pdf); it is just my job to show how they are obtained.
Oh, one more thing. Specifically, this has to be done with Zsecurity's newest Kali Custom Image in Vbox.
My part of this project is questions 35 to 60. So far, I have used RegRipper, BulkExtractor, Exiftool, and a few other tools. Basically, the challenge is to use Kali Linux to parse the Windows registry from a dd image of a Windows computer and extract relevant info for the questions.
I look forward to your suggestions; thanks very much in advance for any help you can give me!!! Have a great remainder of the weekend.
Best,
Maxwell