regripper-28000000-5.fc25.noarch.rpm


Description

regripper - A Windows Registry data extraction and correlation tool

Distribution: Fedora 25
Repository: CERT Forensics Tools x86_64
Package name: regripper
Package version: 28000000
Package release: 5.fc25
Package architecture: noarch
Package type: rpm
Installed size: 205.76 KB
Download size: 103.65 KB
Official Mirror: forensics.cert.org
RegRipper is a Windows Registry data extraction and correlation tool. RegRipper uses plugins (similar to Nessus) to access specific Registry hive files in order to access and extract specific keys, values, and data, and does so by bypassing the Win32API.

Provides

  • perl(shellitems.pl)
  • regripper = 28000000-5.fc25

    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install regripper rpm package:
      # dnf --enablerepo=forensics install regripper

    Files

    • /usr/bin/auto_rip
    • /usr/bin/auto_rip.pl
    • /usr/bin/regripper
    • /usr/bin/rip.pl
    • /usr/bin/shellitems
    • /usr/bin/shellitems.pl
    • /usr/share/doc/regripper/regripper.pdf

    Changelog

    2013-08-26 - Lawrence R. Rogers <lrr@cert.org> 28000000-4
    * Release 28000000-4
      New auto_rip.pl (2012-08-26 version)
      Fixes some issues running on Linux
      There is a new switch (-r) to save the output reports to a folder of your choice

    2013-05-23 - Lawrence R. Rogers <lrr@cert.org> 28000000-3 * Release 28000000-3 Fixed help comments and path for rip.pl.

    2013-05-22 - Lawrence R. Rogers <lrr@cert.org> 28000000-2 * Release 28000000-2 Added auto_rip.pl/auto_rip

    2013-04-25 - Lawrence R. Rogers <lrr@cert.org> 28000000-1 * Release 28000000-1 Regripper version 2.8 Includes an additional function/subroutine that is available to the plugins: alertMsg().

    2012-10-01 - Lawrence R. Rogers <lrr@cert.org> 25000000-2 * Release 25000000-2 Now correctly finds the plugins directory using perl's @INC array.

    2012-06-26 - Lawrence R. Rogers <lrr@cert.org> 25000000-1 * Release 25000000-1 Regripper plugins are now a separate package.

    2012-06-12 - Lawrence R. Rogers <lrr@cert.org> 20120612-1
    * Release 20120612-1
      Now uses regripper plugins 20120528
      + NEW PLUGIN by Jason Hale: "typedurlstime.pl" that parses and correlates the TypedURLs and TypedURLsTime subkeys
      + NEW PLUGIN by Jason Hale: "typedurlstime_tln.pl" that parses and correlates the TypedURLs and TypedURLsTime subkeys (output in TLN format)

    2012-05-28 - Lawrence R. Rogers <lrr@cert.org> 20120528-2 * Release 20120528-2 Removes old plugins before installing the latest ones.

    2012-05-28 - Lawrence R. Rogers <lrr@cert.org> 20120528-1
    * Release 20120528-1
      Now uses regripper plugins 20120528
      + NEW PLUGIN by Francesco Picasso: "internet_explorer_cu.pl" that parses the Internet Explorer info from NTUSER.DAT registry
      + NEW PLUGIN by Francesco Picasso: "internet_settings_cu.pl" that parses the Internet Settings info from NTUSER.DAT registry
      + REMOVED plugin "ie_main.pl", since superseded by "internet_explorer_cu.pl"
      + REMOVED plugin "iexplore.pl", since superseded by "internet_explorer_cu.pl"
      + FIXED plugin "timezone.pl", see Issue14 and see source code comments
      + FIXED plugin "userassist2.pl", now it parses Windows7 entries, see source code comments
      + ADDED profiles with every plugin listed in alphabetical order: all-all (3), ntuser-all (98), sam-all (1), security-all (3), software-all (56), system-all (46)
      + NOTE RegRipperPlugins now counts 207 plugins
      + KNOWN ISSUES: comdlg32 does not parse Vista/7 subkeys (Issue 15)

    2012-02-24 - Lawrence R. Rogers <lrr@cert.org> 20120224-1
    * Release 20120224-1
      Now uses regripper plugins 20120224
      + NEW PLUGIN by Adrian Leong: "ccleaner.pl" (gets CCleaner User's Settings from NTUSER.DAT)
