RegRipper
-
Price$0
- Website
RegRipper is a digital forensic tool designed for the extraction and analysis of Windows Registry data. The Windows Registry, a hierarchical database storing low-level settings for the operating system and installed applications, often contains a wealth of information valuable to forensic investigators. RegRipper extracta keys, values, and other associated data.
RegRipper is a plugin-based architecture. This allows users to employ specific plugins for targeted analysis, ensuring that the tool remains adaptable to various investigative needs. Whether you're looking to uncover user activities, application installation histories, or network configurations, there's likely a RegRipper plugin tailored for the task.
Key capabilities of RegRipper include:
With the GUI (rr.exe), you no longer have to select a profile;. Instead, select the hive to parse, and the output directory and the GUI will automatically run all applicable plugins against the hive. This capability is included in rip.exe, as well, via the -a switch. As an alternative, you can use the -aT switch to run all hive-specific TLN plugins against the hive. The ability to run individual plugins, as well as profiles, has been retained, as well. You can see other options available by typing rip or rip -h or rip /? at the command line.
Date Format - There was a GitHub issue posted, asking that the date format be changed to be IAW ISO 8601. However, the actual format provided as part of the issue/request was IAW the RFC 3339 profile (i.e., space between the date and time).
Add a review