python-registry-1.2.0-1.fc25.i686.rpm


Advertisement

Description

python-registry - Read access to Windows Registry Files

Distribution: Fedora 25
Repository: CERT Forensics Tools i386
Package name: python-registry
Package version: 1.2.0
Package release: 1.fc25
Package architecture: i686
Package type: rpm
Installed size: 186.26 KB
Download size: 45.64 KB
Official Mirror: forensics.cert.org
python-registry was originally written by Willi Ballenthin, a forensicator at Mandiant who wanted to access the contents of the Windows Registry from his Linux laptop. python-registry currently provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SAM. The interface is two-fold: a high-level interface suitable for most tasks, and a low level set of parsing objects and methods which may be used for advanced study of the Windows Registry. python-registry is written in pure Python, making it portable across all major platforms.

Alternatives

Provides

  • python-registry = 1.2.0-1.fc25
  • python-registry(x86-32) = 1.2.0-1.fc25
  • python2.7dist(python-registry) = 1.2.0
  • python2dist(python-registry) = 1.2.0

    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install python-registry rpm package:
      # dnf --enablerepo=forensics install python-registry

    Files

    • /usr/lib/python2.7/site-packages/Registry/Registry.py
    • /usr/lib/python2.7/site-packages/Registry/Registry.pyc
    • /usr/lib/python2.7/site-packages/Registry/Registry.pyo
    • /usr/lib/python2.7/site-packages/Registry/RegistryLog.py
    • /usr/lib/python2.7/site-packages/Registry/RegistryLog.pyc
    • /usr/lib/python2.7/site-packages/Registry/RegistryLog.pyo
    • /usr/lib/python2.7/site-packages/Registry/RegistryParse.py
    • /usr/lib/python2.7/site-packages/Registry/RegistryParse.pyc
    • /usr/lib/python2.7/site-packages/Registry/RegistryParse.pyo
    • /usr/lib/python2.7/site-packages/Registry/__init__.py
    • /usr/lib/python2.7/site-packages/Registry/__init__.pyc
    • /usr/lib/python2.7/site-packages/Registry/__init__.pyo
    • /usr/lib/python2.7/site-packages/python_registry-1.2.0-py2.7.egg-info/PKG-INFO
    • /usr/lib/python2.7/site-packages/python_registry-1.2.0-py2.7.egg-info/SOURCES.txt
    • /usr/lib/python2.7/site-packages/python_registry-1.2.0-py2.7.egg-info/dependency_links.txt
    • /usr/lib/python2.7/site-packages/python_registry-1.2.0-py2.7.egg-info/requires.txt
    • /usr/lib/python2.7/site-packages/python_registry-1.2.0-py2.7.egg-info/top_level.txt
    • /usr/share/doc/python-registry/LICENSE.TXT
    • /usr/share/doc/python-registry/README.MD

    Changelog

    2015-12-22 - Willi Ballenthin <willi.ballenthin@gmail.com> 1.2.0-1 * Release 1.2.0-1 - [DEPRECATED] records() in HBINBlock, use the more correct cells() instead, by @NiKiZe - fix bug in parsing of resident values with length zero, reported and patched by @BridgeyTheGeek - fix handling of path cycles, reported and patched by @sbv-csis

    2015-02-26 - Willi Ballenthin <willi.ballenthin@gmail.com> 1.1.0-2 * Release 1.1.0-2 This is the version available on 2015-02-26 which is a patch to 1.1.0 making release 2.

    2015-02-16 - Willi Ballenthin <willi.ballenthin@gmail.com> 1.1.0-1 * Release 1.1.0-1 1.1.0 - add raw_data method - fix testing scripts and methods - add amcache.hve parsing script - add script for mounting hive as file system via FUSE - many fixes, including checksum calculations, by @NiKiZe - fixes to RegDateTime parsing by @woanware

    2014-07-03 - Willi Ballenthin <willi.ballenthin@gmail.com> 1.0.4-1 * Release 1.0.4-1 1.0.4 - correctly handle value types on Vista+ that require a DEVPROP_MASK_TYPE mask, thanks to @woanware - support the new RegDateTime value type, used for instance in some USBSTOR values, thanks to @woanware 1.0.3 - use setuptools over distutils 1.0.2 - can now fetch hive name from a Registry hive, thanks to @woanware, @jallmantalbot - can now guess the Registry hive type (NTUSER, USRCLASS, etc) from the hive name, thanks to @woanware - better handling of key/value names through use of Windows-1252 encoding, thanks to @jallmantalbot and Joel Schnieder

    2014-01-14 - Willi Ballenthin <willi.ballenthin@gmail.com> 1.0.1-1 * Release 1.0.1-1 1.0.1 - better detection and handling of malformed Unicode, thanks to @jallmantalbot and matt.a.hastings - minor changes to formatting in sample scripts 1.0.0 - implemented Python3 support thanks to @3ev0

    2012-01-04 - Willi Ballenthin <willi.ballenthin@gmail.com> 0.2.3-1 * Release 0.2.3-1

    Advertisement
    Advertisement