Thursday, December 18, 2008


RegRipper made the SANS Forensics blog today in a post by John McCash about Windows viewers. Pretty cool stuff! John has deployed RegRipper (actually, rip) in a manner that I hadn't even considered when I wrote it: launching rip as a viewer via EnCase. Very cool!

How're YOU using RegRipper? Have a plugin you'd like to share? Have a plugin you'd like to see? If you don't feel that your programming skills are up to the job, then all I've ever asked for is a concise description of what you're looking for, and a sample hive file. For stuff like the ShellBags keys or encrypted data, I'll need some formatting or decryption information.

Addendum: Don Weber posted three new RegRipper plugins to the forums...
