A modern Python-3-based alternative to RegRipper

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for AirbusCERT from gravatar.com AirbusCERT

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License
  • Author: Airbus CERT
  • Requires: Python >=3.7
Classifiers
Report project as malware

Project description

RegRippy is a framework for reading and extracting useful forensics data from Windows registry hives. It is an alternative to RegRipper developed in modern Python 3. It makes use of William Ballenthin's python-registry to access the raw registry hives.

The goal of this project is to provide a framework for quickly and easily developing your own plugins in an incident response scenario.

By default, the script will look for the various hives by reading the REG_SYSTEM, REG_SOFTWARE, REG_SAM, REG_NTUSER and REG_USRCLASS environment variables. This allows the analyst to simply export these in their current shell session and not have to worry about specifying them every time they invoke the script. Alternatively, you can use the --root switch to specify the path to the root of the C: drive. RegRippy will automatically look into the right places depending on which hive each plugin needs.

All plugins should also support both a human-readable and machine-readable output (the Bodyfile format), allowing easy piping to mactime or other tools.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for AirbusCERT from gravatar.com AirbusCERT

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License
  • Author: Airbus CERT
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

This version

2.0.2

2.0.0

1.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

regrippy-2.0.2.tar.gz (50.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

regrippy-2.0.2-py3-none-any.whl (52.9 kB view details)

Uploaded Python 3

File details

Details for the file regrippy-2.0.2.tar.gz.

File metadata

  • Download URL: regrippy-2.0.2.tar.gz
  • Upload date:
  • Size: 50.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for regrippy-2.0.2.tar.gz
Algorithm Hash digest
SHA256 e375a1e62404d62843f1a1b10e69b028390f78c7f248fd26764d1786b55e7f27
MD5 1ddf4f7cf3f3e46960a31eb603adc353
BLAKE2b-256 208bcdbe6b527dab806f59f396d32a8f372f38efd966cb15d07840455c79f2a6

See more details on using hashes here.

File details

Details for the file regrippy-2.0.2-py3-none-any.whl.

File metadata

  • Download URL: regrippy-2.0.2-py3-none-any.whl
  • Upload date:
  • Size: 52.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for regrippy-2.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 b78469de06b2293b10bff952d22b76999a9ccb61d4eddfb1588b625629d33ca0
MD5 f52c62055dc0b970e2bbd17e8fd11c3c
BLAKE2b-256 a7081a68f12ac809c22dfbcefda7419f625f9ea42211bdbfd8a77a83fb847a0d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page