
RegRipper


mbriggs

Presentation Transcript


  1. RegRipper Harlan Carvey

  2. Create a Place for RegRipper: Put it in bin. But wherever you put it, you must execute it in the parent directory of “plugins”.

  3. Get RegRipper: http://code.google.com/p/winforensicaanalysis

  4. Set Up RegRipper
     • Unpack the zip file
     • Move all to the root of the regripper directory
     • Update the plugins from http://code.google.com/p/regripperplugins/
     • Test drive

  5. RegRipper Interface

  6. Create a Case Folder

  7. Get Your Hive Files: C:\Windows\System32\Config - Get ‘em all.

  8. Save in your case folder

  9. There they are

  10. RegRipper
     • Framework for extracting and displaying specific info from hive files
     • Permits the tailoring of registry reports
     • Enables the writing of plugins
     • The contents of the “plugins” file determine which plugins are executed and in what order

  11. Plugins File

  12. RegRipper Interface
     • Which hive file will be analyzed
     • Where to put the report
     • Which Plugins file to use

  13. Example

  14. Output

  15. Log

  16. Command Line exe
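
Slides 6 to 9 collect the hive files into a case folder. As an added example (not part of the original presentation and not RegRipper code), the Python sketch below inventories such a folder before any hive is loaded into RegRipper: it checks the `regf` signature, reads the base-block sequence numbers, last-written time and checksum, and records a SHA-256 for each hive. The function names and the constructed sample hives are assumptions made for illustration.

```python
import hashlib
import struct
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def base_block_checksum(block):
    """XOR-32 over the first 508 bytes, with the two reserved-value fixups."""
    xor = 0
    for (dword,) in struct.iter_unpack("<I", bytes(block[:508])):
        xor ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(xor, xor)

def inspect_hive(path):
    """Return base-block facts for one file, or None if it is not a hive."""
    data = Path(path).read_bytes()
    if len(data) < 512 or data[:4] != b"regf":
        return None
    # Offsets 4 and 8: sequence numbers; offset 12: last-written FILETIME.
    seq1, seq2, filetime = struct.unpack_from("<IIQ", data, 4)
    return {
        "name": Path(path).name,
        "sha256": hashlib.sha256(data).hexdigest(),
        "last_written": EPOCH_1601 + timedelta(microseconds=filetime // 10),
        "dirty": seq1 != seq2,  # mismatch: not cleanly flushed, collect .LOG files too
        "checksum_ok": base_block_checksum(data) == struct.unpack_from("<I", data, 508)[0],
    }

def inventory(case_folder):
    """Inspect every regular file in the case folder, skipping non-hives."""
    files = sorted(p for p in Path(case_folder).iterdir() if p.is_file())
    return [row for row in map(inspect_hive, files) if row]

def make_sample_hive(seq1, seq2, filetime):
    """Constructed test input: a valid 512-byte base block plus an empty body."""
    block = bytearray(512)
    struct.pack_into("<4sIIQ", block, 0, b"regf", seq1, seq2, filetime)
    struct.pack_into("<I", block, 508, base_block_checksum(block))
    return bytes(block) + bytes(3584)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as case:  # stand-in for the case folder
        Path(case, "SYSTEM").write_bytes(make_sample_hive(7, 7, 132223104000000000))
        Path(case, "SOFTWARE").write_bytes(make_sample_hive(9, 8, 132223104000000000))
        Path(case, "notes.txt").write_text("not a hive")
        for row in inventory(case):
            print(row)
```

A hive reported as dirty was copied with changes still pending, so the matching transaction log files from the same Config directory belong in the case folder as well.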
