Windows Registry Forensics

techie phone

Jun 29, 2009, 11:59:59 PM

How does one back up the registry for offline forensics analysis? Some
tutorials advise to export from the regedit.exe program. I tried this
method and ended up with a 224 meg file. I plan on using RegRipper 2.02,
the open source software. Suggestions are welcome.

Thank you.

John John - MVP

Jun 30, 2009, 8:56:37 AM

Being that forensic tools are usually used on dead or 'sleeping'
installations, your registry tool should just be able to open the
registry files in the WINNT\system32\config folder. If you want to
create a backup you can select to back up the registry when you create an
Emergency Repair Disk and a backup will be stored in the
\WINNT\repair\RegBack folder.

John
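
An added example, not part of either post: hive-based tools such as RegRipper read the binary hive files from the config folder, not the text `.reg` file that a regedit export produces, so it helps to check what a collected file actually is before analysis. The sketch below tells the two apart and sanity-checks a hive's `regf` header; the function names and the sample header are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def header_checksum(base_block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0-507) of the header."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        value ^= dword
    # Two results are remapped so the stored checksum is never 0 or 0xFFFFFFFF.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(value, value)

def inspect_registry_file(data: bytes) -> dict:
    """Tell a regedit text export from a binary hive and check the hive header."""
    text = data[2:60].decode("utf-16-le", "ignore") if data[:2] == b"\xff\xfe" else ""
    if text.startswith("Windows Registry Editor") or data.startswith(b"REGEDIT4"):
        return {"kind": "reg-text-export"}
    if len(data) < 4096 or data[:4] != b"regf":
        return {"kind": "not-a-hive"}
    seq1, seq2, filetime = struct.unpack_from("<IIQ", data, 4)
    major, minor = struct.unpack_from("<II", data, 20)
    (stored,) = struct.unpack_from("<I", data, 508)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)
    return {
        "kind": "hive",
        "version": f"{major}.{minor}",
        "last_written_utc": written.isoformat(),
        "clean": seq1 == seq2,  # differing sequence numbers: a write was in progress
        "checksum_ok": stored == header_checksum(data),
    }

def build_sample_header(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed 4096-byte base block for the demo; not from a real system."""
    block = bytearray(4096)
    struct.pack_into("<4sIIQII", block, 0, b"regf", seq1, seq2,
                     128_907_936_000_000_000, 1, 3)
    struct.pack_into("<I", block, 508, header_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    print(inspect_registry_file(build_sample_header()))
    print(inspect_registry_file(build_sample_header(seq1=8)))
    reg_text = "\ufeffWindows Registry Editor Version 5.00\r\n"
    print(inspect_registry_file(reg_text.encode("utf-16-le")))
```

A hive reported with `clean` false was copied while a write was pending, which is typical of files taken from a running system rather than a dead one.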
