Comments on Windows Incident Response: RegRipper Plugin Updates

H. Carvey (2008-09-05 11:32 -05:00):

Sam,

> May I get the USBSTOR2 script please?

I responded to your email on this...

> Also, is there a doc yet on creation of our own .pl scripts?

Not yet, but folks have already done this simply by opening the current plugins...much like Nessus, the plugins are in plain text.

> I looked at the existing .pl scripts, and it looks fairly straightforward, but was wondering if there was anything that you already had put together.

Not yet. Sometimes writing the plugins isn't the easiest thing to do, even with a familiarity of the Registry. Querying a value is simple...but other things you want to look for, to include correlating between different keys, can be challenging.

> In thinking out loud, what might be nice is an import feature where I could have a bunch of keys listed in a CSV file and be able to convert them into a .pl?

Again, it's just not that easy. If what you wanted to do was simply straightforward, like just grab a value (if it exists), then yeah, you could do that easily...but that doesn't take advantage of the full power of a tool like this.

Anonymous (2008-09-05 11:24 -05:00):

Harlan,

WE LOVE REGRIPPER! You are a rockstar! Been using it a lot lately here!

May I get the USBSTOR2 script please?

Also, is there a doc yet on creation of our own .pl scripts?

I looked at the existing .pl scripts, and it looks fairly straightforward, but was wondering if there was anything that you already had put together.

In thinking out loud, what might be nice is an import feature where I could have a bunch of keys listed in a CSV file and be able to convert them into a .pl?

Thanks,
Sam

H. Carvey (2008-06-13 06:35 -05:00):

You can...either use FTK Imager to extract the hive files from the system, or use F-Response, as has been documented on this blog and others.

To get RegRipper to have the ability to just access the live system would require a complete rewrite of the interface. Even the plugins would need to be rewritten.

It might be worth doing if there were a market...

Anonymous (2008-06-12 23:22 -05:00):

One very useful feature would be the ability to run RegRipper against a remote PC (assuming you have admin access).