registrydecoder-20120816-2.fc25.x86_64.rpm


Advertisement

Description

registrydecoder - registrydecoder - automates acquisition, analysis, and reporting of Microsoft Windows registry contents

Distribution: Fedora 25
Repository: CERT Forensics Tools x86_64
Package name: registrydecoder
Package version: 20120816
Package release: 2.fc25
Package architecture: x86_64
Package type: rpm
Installed size: 1.42 MB
Download size: 627.12 KB
Official Mirror: forensics.cert.org
This version of the Registry Decoder performs offline analysis (on an investigator’s lab machine) of acquired registry files. This project can be found here. The current version of this tool can process raw disk images, partition images, individual registry files, and the database of hives acquired by the online component. When given a disk image, the Sleuthkit libraries are used to parse the image and read each registry hive. This includes the ability to acquire historical files from System Restore Points as well as the RegBack folder of Vista and 7 images. Individual registry hives are processed using libraries from the RegLookup project. After being provided with all registry-oriented evidence for a particular case, which can be any combination of registry files, disk images, and acquired databases, Registry Decoder performs a one-time pre-processing of the evidence. During this process, it creates a number of databases and metadata files that contain all information needed to analyze the files. The analysis section of the offline component contains a number of powerful features. The first feature is Search, which allows for powerful searching across registry hives. The searching abilities include: * Filtering by hive keys, name, and data * Filtering by the last write time of keys * Searching individual terms or with a newline delimited search term file * Exact or wildcard based search * Viewing of search results * Automated reporting of search contents to HTML, PDF, or XLS

Alternatives

Provides

  • registrydecoder = 20120816-2.fc25
  • registrydecoder(x86-64) = 20120816-2.fc25

    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install registrydecoder rpm package:
      # dnf --enablerepo=forensics install registrydecoder

    Files

    • /usr/bin/registrydecoder
    • /usr/lib64/python2.7/site-packages/registrydecoder/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/cleanwindows.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/cleanwindows.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/cleanwindows.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/common.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/common.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/common.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/errorclasses.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/errorclasses.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/errorclasses.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/ewf.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/ewf.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/ewf.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/guicontroller.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/guicontroller.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/guicontroller.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/guimain.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/guimain.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/guimain.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/opencase.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/opencase.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/opencase.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller.spec
    • /usr/lib64/python2.7/site-packages/registrydecoder/report_manager.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/report_manager.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/report_manager.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/start_processing.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/start_processing.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/start_processing.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/template_manager.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/template_manager.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/template_manager.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/caseanalysis.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/caseanalysis.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/caseanalysis.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/convui.sh
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/createcase.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/createcase.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/createcase.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/filetab.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/filetab.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/filetab.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/generate_forms.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/generate_forms.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/generate_forms.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/guicommon.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/guicommon.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/guicommon.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/pathtab.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/pathtab.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/pathtab.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/plugintab.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/plugintab.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/plugintab.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/reportfuncs.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/reportfuncs.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/reportfuncs.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/searchtab.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/searchtab.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/searchtab.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/timelinetab.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/timelinetab.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/timelinetab.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/oldforms/exportall.ui
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/registrydecoder.ui
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/registrydecoder_ui.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/registrydecoder_ui.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/GUI/uifiles/registrydecoder_ui.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/acquire_files.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/acquire_files.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/acquire_files.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/image_classes.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/image_classes.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/acquirefiles/image_classes.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringtable.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringtable.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringtable.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/dbhandler.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/dbhandler.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/dbhandler.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/mysql.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/mysql.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/mysql.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/sqlite3handler.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/sqlite3handler.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/strings/stringdatabase/sqlite3handler.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/tree/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/tree/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/tree/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/tree/paralleltree.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/tree/paralleltree.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/tree/paralleltree.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/values/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/values/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/values/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/values/valuestable.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/values/valuestable.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/datastructures/values/valuestable.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/acquire_files.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/acquire_files.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/acquire_files.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/evidence_database.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/evidence_database.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/evidence_database.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/registry_sig.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/registry_sig.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/registry_sig.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/tree_handler.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/tree_handler.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/initial_processing/tree_handler.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-regdecoder.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-regdecoder.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-regdecoder.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-reporting.report_manager.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-reporting.report_manager.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-reporting.report_manager.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-templates.template_manager.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-templates.template_manager.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/pyinstaller/hook-templates.template_manager.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/harness.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/harness.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/harness.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regfile.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regfile.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regfile.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regkey.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regkey.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regkey.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regparser.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regparser.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regparser.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regvalue.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regvalue.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/registryparser/regvalue.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/commasep.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/commasep.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/commasep.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/html.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/html.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/html.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/pdf.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/pdf.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/pdf.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/screen_display.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/screen_display.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/screen_display.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/xls.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/xls.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/reporting/report_formats/xls.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/BHO.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/BHO.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/BHO.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ShellBagMRU.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ShellBagMRU.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ShellBagMRU.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ShellBags.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ShellBags.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ShellBags.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/StreamMRU.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/StreamMRU.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/StreamMRU.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/acmru.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/acmru.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/acmru.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/appinitdlls.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/appinitdlls.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/appinitdlls.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/apppaths.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/apppaths.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/apppaths.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/computer_name.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/computer_name.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/computer_name.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/firewall_policy.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/firewall_policy.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/firewall_policy.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ide_devs.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ide_devs.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ide_devs.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ie_typed_urls.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ie_typed_urls.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/ie_typed_urls.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/last_access_disabled.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/last_access_disabled.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/last_access_disabled.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/listusers.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/listusers.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/listusers.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/map_network_drive_letters.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/map_network_drive_letters.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/map_network_drive_letters.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/map_network_drive_mru.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/map_network_drive_mru.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/map_network_drive_mru.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mmc_mru.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mmc_mru.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mmc_mru.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mounted_devices.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mounted_devices.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mounted_devices.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mrulist.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mrulist.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/mrulist.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/muicache.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/muicache.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/muicache.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/muicache_update.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/muicache_update.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/muicache_update.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/profile_list.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/profile_list.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/profile_list.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/recent_docs.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/recent_docs.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/recent_docs.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/recent_docs_update.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/recent_docs_update.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/recent_docs_update.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/sbp2.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/sbp2.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/sbp2.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/services.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/services.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/services.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/system_run.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/system_run.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/system_run.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/system_run_update.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/system_run_update.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/system_run_update.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/timezone.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/timezone.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/timezone.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/typed_paths.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/typed_paths.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/typed_paths.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/usbstor.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/usbstor.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/usbstor.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_assist.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_assist.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_assist.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_run.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_run.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_run.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_software.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_software.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/user_software.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_install_info.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_install_info.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_install_info.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_logon_info.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_logon_info.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_logon_info.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_uninstall.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_uninstall.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_uninstall.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_version.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_version.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/windows_version.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/winrar_archive_history.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/winrar_archive_history.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/winrar_archive_history.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/wireless_networks.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/wireless_networks.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/wireless_networks.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/wordwheelquery.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/wordwheelquery.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/template_files/wordwheelquery.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/util/__init__.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/util/__init__.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/util/__init__.pyo
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/util/util.py
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/util/util.pyc
    • /usr/lib64/python2.7/site-packages/registrydecoder/templates/util/util.pyo
    • /usr/share/doc/registrydecoder/RegistryDecoder-Offline-Analysis-Instructions-v1.1.pdf

    Changelog

    2016-10-25 - Lawrence R. Rogers <lrr@cert.org> 20120816-2 * Release 20120816-2 Changed dependency from pytsk to pytsk3.

    2012-07-16 - Lawrence R. Rogers <lrr@cert.org> 20120816-1 * Release 20120816-1 This is version 1.4 of the registry decoder. This is a build of the file labeled regdecoderR103.zip. See http://code.google.com/p/registrydecoder/source/list for the changes

    2012-07-09 - Lawrence R. Rogers <lrr@cert.org> 20120709-1 * Release 20120709-1 This is a build of the file labeled regdecoderR99.zip. See http://code.google.com/p/registrydecoder/source/list for the changes

    2012-06-29 - Lawrence R. Rogers <lrr@cert.org> 20120629-1 * Release 20120629-1 This is release 1.3 of registrydecoder. See http://code.google.com/p/registrydecoder/source/list for the changes

    2012-02-02 - Lawrence R. Rogers <lrr@cert.org> 20120202-1 * Release 20120202-1 This is release 1.2 of registrydecoder. See http://code.google.com/p/registrydecoder/source/list for the changes

    2011-11-02 - Lawrence R. Rogers <lrr@cert.org> 20111103-1 * Release 20111103-1 This is release 1.1 of registrydecoder. New Features include: - Support for processing Encase (E01) files and split images - Full wildcard searching - Adding evidence after a case is created - Exporting of paths and their key/value pairs - Timelining of keys from the GUI into the Sleuthkit format - Running plugins from the command line - Running custom plugins outside the main executable/package - Support for dual boot machines Updates include: - Reports now have their extension appended if the user doesn't enter them - Reports can now be filtered by either deleting results or shift/ctrl selecting results - Users can right click within the Browse View to search directly for paths - The name/value box in the Browse View is now sortable - We also have six new plugins from Kevin Moore of CERT!

    2011-09-23 - Lawrence R. Rogers <lrr@cert.org> 20110919-1 * Release 20110919-1 * Initial release

    Advertisement
    Advertisement