regripper
Regripper’s CLI tool can be used to surgically extract, translate, and display information (both data and metadata) from Registry-formatted files via plugins in the form of Perl scripts. It allows the analyst to select a hive file to parse and either a plugin or a profile, which is a list of plugins to run against the given hive. The results go to STDOUT and can be redirected to a file that the analyst designates.
Installed size: 1.05 MB
How to install: sudo apt install regripper
Dependencies:
- libparse-win32registry-perl
- perl
regripper
Forensic analysis of Registry hives
```console
root@kali:~# regripper -h
Rip v.3.0 - CLI RegRipper tool
Rip [-r Reg hive file] [-f profile] [-p plugin] [options]
Parse Windows Registry files, using either a single module, or a profile.

NOTE: This tool does NOT automatically process Registry transaction logs! The tool
does check to see if the hive is dirty, but does not automatically process the
transaction logs. If you need to incorporate transaction logs, please consider
using yarp + registryFlush.py, or rla.exe from Eric Zimmerman.

  -r [hive] .........Registry hive file to parse
  -d ................Check to see if the hive is dirty
  -g ................Guess the hive file type
  -a ................Automatically run hive-specific plugins
  -aT ...............Automatically run hive-specific TLN plugins
  -f [profile].......use the profile
  -p [plugin]........use the plugin
  -l ................list all plugins
  -c ................Output plugin list in CSV format (use with -l)
  -s systemname......system name (TLN support)
  -u username........User name (TLN support)
  -uP ...............Update default profiles
  -h.................Help (print this information)

Ex: C:\>rip -r c:\case\system -f system
    C:\>rip -r c:\case\ntuser.dat -p userassist
    C:\>rip -r c:\case\ntuser.dat -a
    C:\>rip -l -c

All output goes to STDOUT; use redirection (ie, > or >>) to output to a file.

copyright 2020 Quantum Analytics Research, LLC
```
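An added example (not part of this page or of the RegRipper project): a shell function that applies the flags from the help text to one hive, saving the dirty check (`-d`), the hive-type guess (`-g`) and the hive-specific plugin run (`-a`) to separate files, and hashing the hive before and after. The function name `triage_hive`, the `RIP` variable and the output file names are assumptions; the tool's exit codes are not documented here, so they are not checked.

```shell
#!/bin/sh
# Added example: triage one Registry hive with regripper.
# Assumed names: triage_hive, RIP, and the output file names below.
RIP="${RIP:-regripper}"   # binary name as installed by the Kali package

# triage_hive <hive-file> <output-dir>
# Returns 0 on success, 2 if the hive is unreadable, 3 if its hash changed.
triage_hive() {
    local hive="$1" out="$2" name before after
    [ -r "$hive" ] || { echo "cannot read hive: $hive" >&2; return 2; }
    mkdir -p "$out" || return 1
    name=$(basename "$hive")

    # Record the evidence hash before any tool touches the file.
    before=$(sha256sum "$hive" | cut -d' ' -f1)
    printf '%s  %s\n' "$before" "$name" > "$out/$name.sha256"

    # -d: dirty check. rip does not process transaction logs, so this result
    # is kept next to the plugin output for whoever reads the report.
    "$RIP" -r "$hive" -d > "$out/$name.dirty.txt" 2> "$out/$name.stderr.txt"
    # -g: guess the hive type.
    "$RIP" -r "$hive" -g > "$out/$name.type.txt" 2>> "$out/$name.stderr.txt"
    # -a: run the hive-specific plugins; all output goes to STDOUT.
    "$RIP" -r "$hive" -a > "$out/$name.auto.txt" 2>> "$out/$name.stderr.txt"

    # Confirm the hive is byte-identical after parsing.
    after=$(sha256sum "$hive" | cut -d' ' -f1)
    if [ "$before" != "$after" ]; then
        echo "hash mismatch for $hive" >&2
        return 3
    fi
    return 0
}
```

If the dirty check reports a dirty hive, the transaction logs have to be incorporated with one of the tools the help text names before the plugin output is relied on.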
Updated on: 2024-Mar-11