Python Registry Parser
Project description
regipy
Regipy is a python library for parsing offline registry hives!
Features:
Use as a library
Recurse over the registry hive, from root or a given path and get all subkeys and values
Read specific subkeys and values
Apply transaction logs on a registry hive
- Command Line Tools:
Dump an entire registry hive to json
Apply transaction logs on a registry hive
Compare registry hives
Execute plugins from a robust plugin system (i.e: amcache, shimcache, extract computer name…)
- Project page:
Using as a library:
from regipy.registry import RegistryHive
reg = RegistryHive('/Users/martinkorman/Documents/TestEvidence/Registry/Vibranium-NTUSER.DAT')
# Iterate over a registry hive recursively:
for entry in reg.rec_subkeys(as_json=True):
print(entry)
# Iterate over a key and get all subkeys and their modification time:
for sk in reg.get_key('Software').get_subkeys():
print(sk.name, convert_wintime(sk.header.last_modified).isoformat())
# Get values from a specific registry key:
reg.get_key('Software\Microsoft\Internet Explorer\BrowserEmulation').get_values(as_json=True)
# Use plugins:
from regipy.plugins.ntuser.ntuser_persistence import NTUserPersistencePlugin
NTUserPersistencePlugin(reg, as_json=True).run()
# Run all supported plugins on a registry hive:
run_relevant_plugins(reg, as_json=True)
Install
pip install regipy
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
regipy-1.2.3.tar.gz
(33.5 kB
view hashes)