Just in time for Christmas, James MacFarlane has given us some Perly goodness! James has updated Parse::Win32Registry to version 0.41! The update appears to be to get key classnames, and is demonstrated in an additional script that James has provided as part of the distro.
James has done a fantastic job with this module, making so much of what I and others do possible with respect to forensic analysis. For example, just last night, a friend of mine sent me three RegRipper plugins that he's going to be posting on RegRipper.net. While I can't say that RegRipper would not have been possible without James' module, I can definitely say that it wouldn't be in the state it's in now without it.
Thanks, James!
Hi Harlan,
What are the best 5 Perl modules you use on Windows forensics?
thx!
Parse::Win32Registry
Win32::OLE
Getopt::Long
Sorry, there aren't 5...