Skip to main content

A modern Python-3-based alternative to RegRipper

Project description

RegRippy is a framework for reading and extracting useful forensics data from Windows registry hives. It is an alternative to RegRipper developed in modern Python 3. It makes use of William Ballenthin's python-registry to access the raw registry hives.

The goal of this project is to provide a framework for quickly and easily developing your own plugins in an incident response scenario.

By default, the script will look for the various hives by reading the REG_SYSTEM, REG_SOFTWARE, REG_SAM, REG_NTUSER and REG_USRCLASS environment variables. This allows the analyst to simply export these in their current shell session and not have to worry about specifying them every time they invoke the script. Alternatively, you can use the --root switch to specify the path to the root of the C: drive. RegRippy will automatically look into the right places depending on which hive each plugin needs.

All plugins should also support both a human-readable and machine-readable output (the Bodyfile format), allowing easy piping to mactime or other tools.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

regrippy-2.0.0.tar.gz (55.4 kB view hashes)

Uploaded source

Built Distribution

regrippy-2.0.0-py3-none-any.whl (48.0 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page