regripper-28000000-5.fc25.noarch.rpm


Advertisement

Description

regripper - A Windows Registry data extraction and correlation tool

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools x86_64
Package name regripper
Package version 28000000
Package release 5.fc25
Package architecture noarch
Package type rpm
Installed size 205.76 KB
Download size 103.65 KB
Official Mirror forensics.cert.org
RegRipper is a Windows Registry data extraction and correlation
tool. RegRipper uses plugins (similar to Nessus) to access specific
Registry hive files in order to access and extract specific keys, values,
and data, and does so by bypassing the Win32API.

Alternatives

Package Version Architecture Repository
regripper-28000000-5.fc25.noarch.rpm 28000000 noarch CERT Forensics Tools
regripper - - -

Requires

Name Value
/usr/bin/perl -
perl -
perl-Parse-Win32Registry -
regripper-plugins -

Provides

Name Value
perl(shellitems.pl) -
regripper = 28000000-5.fc25

Download

Type URL
Binary Package regripper-28000000-5.fc25.noarch.rpm
Source Package regripper-28000000-5.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-25.rpm
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install regripper rpm package:
    # dnf --enablerepo=forensics install regripper

Files

Path
/usr/bin/auto_rip
/usr/bin/auto_rip.pl
/usr/bin/regripper
/usr/bin/rip.pl
/usr/bin/shellitems
/usr/bin/shellitems.pl
/usr/share/doc/regripper/regripper.pdf

Changelog

2013-08-26 - Lawrence R. Rogers <lrr@cert.org> 28000000-4
* Release 28000000-4
New auto_rip.pl (2012-08-26 version)
Fixes some issues running on Linux
There is a new switch (-r) to save the output reports to a folder of your choice
2013-05-23 - Lawrence R. Rogers <lrr@cert.org> 28000000-3
* Release 28000000-3
Fixed help comments and path for rip.pl.
2013-05-22 - Lawrence R. Rogers <lrr@cert.org> 28000000-2
* Release 28000000-2
Added auto_rip.pl/auto_rip
2013-04-25 - Lawrence R. Rogers <lrr@cert.org> 28000000-1
* Release 28000000-1
Regripper version 2.8
Includes an additional function/subroutine that is available to the plugins: alertMsg().
2012-10-01 - Lawrence R. Rogers <lrr@cert.org> 25000000-2
* Release 25000000-2
Now correctly finds the plugins directory using perl's @INC array.
2012-06-26 - Lawrence R. Rogers <lrr@cert.org> 25000000-1
* Release 25000000-1
Regripper plugins are now a separate package.
2012-06-12 - Lawrence R. Rogers <lrr@cert.org> 20120612-1
* Release 20120612-1
Now uses regripper plugins 20120528
+ NEW PLUGIN by Jason Hale: "typedurlstime.pl" that parses and correlates the TypedURLs and TypedURLsTime subkeys
+ NEW PLUGIN by Jason Hale: "typedurlstime_tln.pl" that parses and correlates the TypedURLs and TypedURLsTime subkeys (output in TLN format)
2012-05-28 - Lawrence R. Rogers <lrr@cert.org> 20120528-2
* Release 20120528-2
Removes old plugins before installing the lastest ones.
2012-05-28 - Lawrence R. Rogers <lrr@cert.org> 20120528-1
* Release 20120528-1
Now uses regripper plugins 20120528
+ NEW PLUGIN by Francesco Picasso: “internet_explorer_cu.pl” that parses the Internet Explorer info from NTUSER.DAT registry
+ NEW PLUGIN by Francesco Picasso: “internet_settings_cu.pl” that parses the Internet Settings info from NTUSER.DAT registry
+ REMOVED plugin “ie_main.pl“, since superseded by “internet_explorer_cu.pl”
+ REMOVED plugin “iexplore.pl“, since superseded by “internet_explorer_cu.pl”
+ FIXED plugin “timezone.pl“, see  Issue14  and see source code comments
+ FIXED plugin “userassist2.pl“, now it parses Windows7 entries, see source code comments
+ ADDED profiles with every plugin listed in alphabetical order: all-all (3), ntuser-all (98), sam-all (1), security-all (3), software-all (56), system-all (46)
+ NOTE RegRipperPlugins now counts 207 plugins
+ KNOWN ISSUES: comdlg32 does not parse Vista/7 subkeys (Issue 15)
2012-02-24 - Lawrence R. Rogers <lrr@cert.org> 20120224-1
* Release 20120224-1
Now uses regripper plugins 20120224
+ NEW PLUGIN by Adrian Leong: "ccleaner.pl" (gets CCleaner User's Settings from NTUSER.DAT)

See Also

Package Description
regripper-plugins-20151216-2.fc25.noarch.rpm Plugins for regripper
regripper-plugins-20170809-1.fc25.noarch.rpm Plugins for regripper
rifiuti-20040505_1-1.fc25.x86_64.rpm Examine the contents of INFO2 in the Windows Recycle bin
rifiuti2-0.5.1-1.fc25.x86_64.rpm Examine the contents of INFO2 in the Windows Recycle bin
rifiuti2-0.6.1-1.fc25.x86_64.rpm Examine the contents of INFO2 in the Windows Recycle bin
scrounge-ntfs-0.9-1.fc25.x86_64.rpm Data recovery program for NTFS file systems
sfdumper-2.2-1.fc25.noarch.rpm A Selective File Dumper program built on top of the Sleuthkit
shellbags-0.5.5-1.fc25.noarch.rpm Cross-platform shellbag parser
silk-analysis-3.13.0-1.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
silk-analysis-3.14.0-1.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
silk-analysis-3.15.0-1.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
silk-analysis-3.16.0-1.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
silk-analysis-3.16.0-3.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
silk-analysis-3.16.1-1.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
silk-analysis-3.17.1-1.fc25.x86_64.rpm SiLK Toolset: The Analysis Suite
Advertisement
Advertisement