The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis 2/e", "Windows Registry Forensics", "Windows Forensic Analysis Toolkit 3/e",
as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Saturday, November 15, 2008
New Code Posted
I posted JT's deleted.zip code to the RegRipper site this morning...go to Downloads, click on RegRipper, and you'll see the zipped archive listed there. The forums are down at the moment so I'll post the simplest usage her...simply unzip the archive into a directory and use the command line:
It's that easy.
Addendum: No, this is NOT a RegRipper plugin...this is JT's code which is completely separate from RegRipper.