Friday, January 23, 2009

RegRipper goes international!

RegRipper was highlighted recently in com!, a German computer magazine. The edition cover is here, and RegRipper is mentioned in the article entitled, "Die besten FBI-Utilities".

Can anyone provide an English translation of what they said about RegRipper? Danke!

3 comments:

Jamie Butler said...

The best FBI utilities

jr said...

Introduction:
(part concerning regripper in the article's introduction)
Investigators prefer to analyze Windows computers. The reason for that is simple:
the Microsoft OS remembers almost everything and stores in the registry what the user
is doing with his computer. This isn't restricted to the files and applications used
last, but also the names of all applications ever started, and the details of all
USB flash disks and MP3 players ever connected to the PC.
Regripper 2.02 (freely available, www.regripper.net) runs through the registry looking
for information relevant to security. It creates a report with all information about
recently used applications and documents.


EXTENDED REGISTRY-ANALYSIS
Regripper 2.02
(part concerning Regripper in the list of tools)
In the registry, a Windows OS saves all information about recently used applications and documents.
Regripper 2.02 eases the extraction of this data into a clearly arranged report. It analyzes the content
of the file "NTUSER.DAT". This file is protected while Windows is running. To access it, you need to boot
the computer with a Live-CD like Ubuntu 8.10 and copy the "NTUSER.DAT" onto a USB flash disk.
This file is located in the folder "C:\Documents and Settings\Your Username".
This is how it works: Unpack the contents of the archive into a folder of your choice on your local hard disk
and double-click "rr.exe" to start RegRipper. Click on the upper "Browse" button and choose the previously extracted "NTUSER.DAT". Now click the lower "Browse" button and select a folder where Regripper shall save the report.
After "Filename" type e.g. "Registry-Analysis.txt" and confirm by clicking "Open".
Now select the entry "ntuser" from "Plugin file" and click on "Rip It".
Regripper is now analysing the registry hive and saving the results into a txt file.
You can open this file in any text editor, for example Notepad.

---

And damn, 1.40EUR were way too much cash for the pdf of this magazine...

Keydet89 said...

jr,

Thanks for the translation!