RE: Windows 2000 HAL's

From: Troy Larson (tlarsonat_private)
Date: Mon Jul 16 2001 - 12:23:38 PDT


    Craig,
    
    I can think of two solutions: 1) boot, as you have been attempting, but with
    some modification, and 2) migrate the application you are interested in.
    
    With respect to the first course of action, you have to restore your backup
    but change the registry information as it pertains to the hardware
    configuration.  See, MS KB Article ID: Q130928, Restoring a Backup of
    Windows NT to Another Computer.
    
    To migrate the application, restore the registry hives of your backed up
    machine and then look for the registry entries pertaining to the
    application.  Create the keys on your workstation that are identical to the
    pertinent keys in the backup.  With the registry and any relevant ini files
    as a reference, copy the application files from the backup to an identical
    location on your workstation.
    
    Troy Larson
    (Direct) 425-793-1988
    (Cell) 425-503-5845
    ntevidenceat_private
    AIM Address: WestCoastCFS
    
    
    
    -----Original Message-----
    From: Craig Earnshaw [mailto:Craig.Earnshawat_private]
    Sent: Sunday, July 15, 2001 10:35 AM
    To: Forensicsat_private
    Subject: Windows 2000 HAL's
    
    
    Does anyone have any experience of changing the Hardware Abstraction
    Layer (HAL) on a Windows 2000 machine?
    
    I recently imaged a W2K machine (with SafeBack) and now need to boot it
    in order to get one of the apps installed on the machine up and
    running.  The problem that I'm facing is that the HAL that is installed
    on that restored drive will not interact with any of my workstations in
    the lab.  Unfortunately I can't just copy the file relating to the app
    onto a different drive and run it that way due to config and dll details
    etc.  Also, I can't get an uninstalled version of the app as it was
    custom written for the company to whom the machine belonged (and they're
    on the other side to my case!).
    
    When I've come across this before I've been able to get around it by
    installing the imaged drive in the original machine, however, in this
    case, I don't have any access to the original machine.
    
    Any thoughts/comments etc would be most helpful as I've got a fairly
    tight deadline on this one.
    
    Thanks
    
    Craig
    
    
    -----------------------------------------------------------------
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see:
    
    http://aris.securityfocus.com
    
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 13:26:45 PDT
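
The migration approach in the reply above (restore the backup's registry hives, find the application's keys, recreate them on the workstation) can be checked mechanically. The following is an added example, not part of the original messages: it assumes the backup's SOFTWARE hive was loaded under a hypothetical mount name `BACKUP_SW` and exported as .reg text, and the `ExampleVendor\ExampleApp` keys and values are constructed.

```python
import re
# Constructed sample: backup SOFTWARE hive exported from hypothetical mount BACKUP_SW.
BACKUP_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\BACKUP_SW\ExampleVendor\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Flags"=hex:01,00,\
  02,00
"Port"=dword:00001f90

[HKEY_LOCAL_MACHINE\BACKUP_SW\ExampleVendor\ExampleApp\Settings]
@="default"
"IniFile"="C:\\WINNT\\exampleapp.ini"
'''
# Constructed sample: export of the same branch on the lab workstation.
WORKSTATION_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Port"=dword:00000050
'''
MOUNT, REAL = r'HKEY_LOCAL_MACHINE\BACKUP_SW', r'HKEY_LOCAL_MACHINE\SOFTWARE'

def parse_reg(text, mount=None, real=None):
    """Parse .reg text into {key: {value_name: raw_data}}, re-rooting mount to real."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            # Keys exported from a loaded hive carry the mount name, not the real path.
            if mount and (key.upper() + '\\').startswith(mount.upper() + '\\'):
                key = real + key[len(mount):]
            current = keys.setdefault(key.upper(), {})  # key paths are case-insensitive
        elif current is not None and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            current[m.group(1)] = m.group(2)
    return keys

def compare_samples():
    """Return (key, value_name, status) for backup values the workstation lacks."""
    backup = parse_reg(BACKUP_REG, MOUNT, REAL)
    workstation = parse_reg(WORKSTATION_REG)
    report = []
    for key in sorted(backup):
        have = workstation.get(key, {})
        for name, data in sorted(backup[key].items()):
            if have.get(name) != data:
                report.append((key, name, 'differs' if name in have else 'missing'))
    return report
```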