Over the past couple weeks I have had a growing appreciation for the hard work that Harlan Carvey has put into his Windows Registry parsing tool RegRipper. Although tools such as MiTeC’s RFV are still necessary when reviewing Windows Registry Hives, RegRipper provides an easy means to gather data into a text document for exporting into case notes and reports.
What really makes RegRipper worthwhile is that Harlan has gone out of his way to create a tool that is easily extensible. RegRipper pulls data out of Windows Registry Hives through the use of plugins. Although he has created many plugins that are already included in RegRipper, there is always going to be something else that would be useful to pull and document.
A good example is a recent case I was working on. I needed to know how big a Windows Event Log was set to grow. Through a little research I discovered the very useful Windows article, Eventlog Key, covering the subject. Using the information in this article I was able to pull out the information using RFV. Of course, I had already run RegRipper and determined that this information had not been pulled by an existing plugin. I started thinking that this information would be useful in the future but I didn’t have time to write a plugin so I just exported the data by hand and drove on.
Three New RegRipper Plugins
Started by Blake, Dec 22 2008 06:09 AM












