python-registry - Read access to Windows Registry Files

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools x86_64
Package name python-registry
Package version 1.2.0
Package release 1.fc25
Package architecture x86_64
Package type rpm
Installed size 186.25 KB
Download size 45.70 KB
Official Mirror
python-registry was originally written by Willi Ballenthin, a forensicator at Mandiant who wanted to access the contents of the
Windows Registry from his Linux laptop. python-registry currently provides read-only access to Windows Registry files,
such as NTUSER.DAT, userdiff, and SAM. The interface is two-fold: a high-level interface suitable for most tasks, and a low level
set of parsing objects and methods which may be used for advanced study of the Windows Registry. python-registry is written in pure
Python, making it portable across all major platforms.


Package Version Architecture Repository
python-registry-1.2.0-1.fc25.i686.rpm 1.2.0 i686 CERT Forensics Tools
python-registry - - -


Name Value
python >= 2.7
python(abi) = 2.7


Name Value
python-registry = 1.2.0-1.fc25
python-registry(x86-64) = 1.2.0-1.fc25
python2.7dist(python-registry) = 1.2.0
python2dist(python-registry) = 1.2.0


Type URL
Binary Package python-registry-1.2.0-1.fc25.x86_64.rpm
Source Package python-registry-1.2.0-1.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install python-registry rpm package:
    # dnf --enablerepo=forensics install python-registry




2015-12-22 - Willi Ballenthin <> 1.2.0-1
* Release 1.2.0-1
- [DEPRECATED] records() in HBINBlock, use the more correct cells() instead, by @NiKiZe
- fix bug in parsing of resident values with length zero, reported and patched by @BridgeyTheGeek
- fix handling of path cycles, reported and patched by @sbv-csis
2015-02-26 - Willi Ballenthin <> 1.1.0-2
* Release 1.1.0-2
This is the version available on 2015-02-26 which is a patch to 1.1.0 making release 2.
2015-02-16 - Willi Ballenthin <> 1.1.0-1
* Release 1.1.0-1
- add raw_data method
- fix testing scripts and methods
- add amcache.hve parsing script
- add script for mounting hive as file system via FUSE
- many fixes, including checksum calculations, by @NiKiZe
- fixes to RegDateTime parsing by @woanware
2014-07-03 - Willi Ballenthin <> 1.0.4-1
* Release 1.0.4-1
- correctly handle value types on Vista+ that require a DEVPROP_MASK_TYPE mask, thanks to @woanware
- support the new RegDateTime value type, used for instance in some USBSTOR values, thanks to @woanware
- use setuptools over distutils
- can now fetch hive name from a Registry hive, thanks to @woanware, @jallmantalbot
- can now guess the Registry hive type (NTUSER, USRCLASS, etc) from the hive name, thanks to @woanware
- better handling of key/value names through use of Windows-1252 encoding, thanks to @jallmantalbot and Joel Schnieder
2014-01-14 - Willi Ballenthin <> 1.0.1-1
* Release 1.0.1-1
- better detection and handling of malformed Unicode, thanks to @jallmantalbot and matt.a.hastings
- minor changes to formatting in sample scripts
- implemented Python3 support thanks to @3ev0
2012-01-04 - Willi Ballenthin <> 0.2.3-1
* Release 0.2.3-1

See Also

Package Description
python2-certifi-2016.9.26-2.fc25.noarch.rpm %{sum}
python2-certifi-2018.1.18-1.fc25.noarch.rpm %{sum}
python2-psutil-5.4.3-4.fc25.x86_64.rpm A process and system utilities module for Python
python2-ssdeep-3.2-1.fc25.x86_64.rpm Python wrapper for the ssdeep library
python3-certifi-2016.9.26-2.fc25.noarch.rpm Python 3 package for providing Mozilla's CA Bundle
python3-certifi-2018.1.18-1.fc25.noarch.rpm Python 3 package for providing Mozilla's CA Bundle
python3-psutil-5.4.3-4.fc25.x86_64.rpm A process and system utilities module for Python
python3-ssdeep-3.2-1.fc25.x86_64.rpm Python wrapper for the ssdeep library
pytsk3-20160721-1.fc25.x86_64.rpm pytsk - Python binding for The Sleuth Kit
pytsk3-20170324-1.fc25.x86_64.rpm pytsk - Python binding for The Sleuth Kit
pytsk3-20170802-1.fc25.x86_64.rpm pytsk - Python binding for The Sleuth Kit
pytsk3-20171108-1.fc25.x86_64.rpm pytsk - Python binding for The Sleuth Kit
pytsk3-20180228-1.fc25.x86_64.rpm pytsk - Python binding for The Sleuth Kit
qphotorec-7.0-3.1.fc25.x86_64.rpm Signature based file carver. Recover lost files
radare- Reverse Engineering Framework