Comments on Windows Incident Response: Yet another way to use RegRipper
Feed updated: 2024-03-19T07:46:20.437-05:00

Anonymous, 2008-12-03T20:53:00.000-05:00

nvm, silly quotes! It works now. Ty for the great scripts too Harlan.

Sonia

Anonymous, 2008-12-03T20:46:00.000-05:00

I think anything that reduces the click-fest that is unavoidable when shunting data around our burgeoning forensic toolbox is a good thing!

Can't get the &pause line to work though. Piping the output to the clipboard on a Vista box might work.

Sonia

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2008-11-21T09:36:00.000-05:00

John,

Great stuff! This is exactly what's needed...this kind of explanation.

Anonymous, 2008-11-21T09:33:00.000-05:00

Harlan - Just to clarify, what the specified command actually does is to change the current directory for the spawned 'file viewer' to D:\regripper, then run 'rip -r [file] -r all', and pause with the results displayed in the Windows shell pop-up window until the user hits a key. This allows me to quickly and easily preview the results of running regripper on a registry hive file, without having to actually export the file and run it by hand.
If I want to save the results, I either run it manually, or copy and paste the results from the shell window. You will probably need to also increase the buffer and windows size for your Windows shell. I did it this way because neither notepad nor wordpad will read from standard input.

John McCash