Saturday, December 20, 2008

Perl Module Updated!

Just in time from Christmas, James MacFarlane has give us some Perly goodness! James has updated Parse::Win32Registry to version 0.41! The update appears to be to get key classnames, and is demonstrated in an additional script that James has provided as part of the distro.

James has done a fantastic job with this module, making so much of what I and others do possible with respect to forensic analysis. For example, just last night, a friend of mine sent me three RegRipper plugins that he's going to be posting on RegRipper.net. While I can't say that RegRipper would not have been possible without James' module, I can definitely say that it wouldn't be in the state its in now without it.

Thanks, James!

3 comments:

Brett Shavers said...
This comment has been removed by the author.
Anonymous said...

Hi Haraln,

what is the best 5 perl modules you use on windows forensics ?


thx!

H. Carvey said...

Parse::Win32Registry
Win32::OLE
GetOpt::Long

Sorry, there aren't 5...