A modern Python-3-based alternative to RegRipper

Project description

RegRippy is a framework for reading and extracting useful forensics data from Windows registry hives. It is an alternative to RegRipper developed in modern Python 3. It makes use of William Ballenthin's python-registry to access the raw registry hives.

The goal of this project is to provide a framework for quickly and easily developing your own plugins in an incident response scenario.

By default, the script will look for the various hives by reading the REG_SYSTEM, REG_SOFTWARE, REG_SAM, REG_NTUSER and REG_USRCLASS environment variables. This allows the analyst to simply export these in their current shell session and not have to worry about specifying them every time they invoke the script. Alternatively, you can use the --root switch to specify the path to the root of the C: drive. RegRippy will automatically look into the right places depending on which hive each plugin needs.

All plugins should also support both human-readable and machine-readable output (the Bodyfile format), so that results can be piped directly into mactime or other timeline tools.
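As an added illustration of the two behaviours described above (hive lookup via the REG_* environment variables or a --root path, and dual human-readable / Bodyfile output), here is a small stand-alone Python 3 sketch. It is not RegRippy's own code: the on-disk hive locations are the standard Windows ones and are an assumption about what "the right places" means, the RegistryKeyHit type and sample_hits() data are constructed stand-ins for what a plugin would read through python-registry, and placing the key's last-write time in the Bodyfile mtime column (leaving the other three timestamps at 0) is a design choice, not the project's documented layout.

```python
import os
from dataclasses import dataclass
from datetime import datetime, timezone

# Environment variables the project description says RegRippy reads by default.
HIVE_ENV_VARS = {
    "SYSTEM": "REG_SYSTEM",
    "SOFTWARE": "REG_SOFTWARE",
    "SAM": "REG_SAM",
    "NTUSER": "REG_NTUSER",
    "USRCLASS": "REG_USRCLASS",
}

# Assumption: standard locations relative to the root of the C: drive.
# RegRippy's own lookup logic may differ; these are the well-known Windows paths.
HIVE_LOCATIONS = {
    "SYSTEM": "Windows/System32/config/SYSTEM",
    "SOFTWARE": "Windows/System32/config/SOFTWARE",
    "SAM": "Windows/System32/config/SAM",
    "NTUSER": "Users/{user}/NTUSER.DAT",
    "USRCLASS": "Users/{user}/AppData/Local/Microsoft/Windows/UsrClass.dat",
}


def resolve_hive(hive, root=None, user=None, env=None):
    """Return the path of a hive: an explicit REG_* variable wins, otherwise
    the path is derived from the --root directory (per-user hives need a user)."""
    env = os.environ if env is None else env
    explicit = env.get(HIVE_ENV_VARS[hive])
    if explicit:
        return explicit
    if root is None:
        raise LookupError(f"{HIVE_ENV_VARS[hive]} is not set and no --root was given")
    rel = HIVE_LOCATIONS[hive]
    if "{user}" in rel:
        if user is None:
            raise LookupError(f"{hive} is a per-user hive; a user name is required")
        rel = rel.format(user=user)
    return f"{root.rstrip('/')}/{rel}"


@dataclass
class RegistryKeyHit:
    """Constructed stand-in for a key a plugin extracted from a hive."""
    path: str
    last_write: datetime  # timezone-aware UTC


def to_bodyfile(hit, hive="NTUSER"):
    """TSK 3.x Bodyfile line: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime.
    A registry key only carries a last-write time, so it goes in mtime (epoch
    seconds); the other three timestamps are left at 0 (unset)."""
    ts = int(hit.last_write.timestamp())
    return f"0|[{hive}] {hit.path}|0|0|0|0|0|0|{ts}|0|0"


def to_human(hit, hive="NTUSER"):
    """Analyst-facing line: ISO timestamp followed by the full key path."""
    return f"{hit.last_write.isoformat()}  {hive}\\{hit.path}"


def render(hits, bodyfile=False, hive="NTUSER"):
    """Render every hit in the requested format, one line per key."""
    fmt = to_bodyfile if bodyfile else to_human
    return [fmt(h, hive) for h in hits]


def sample_hits():
    """Constructed sample data; a real plugin would read these from the hive."""
    return [
        RegistryKeyHit("Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                       datetime(2020, 1, 1, tzinfo=timezone.utc)),
        RegistryKeyHit("Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
                       datetime(2020, 1,2, 12, 30, tzinfo=timezone.utc)),
    ]


if __name__ == "__main__":
    # Usage: locate the hives, then emit human-readable and Bodyfile output.
    print(resolve_hive("NTUSER", root="/mnt/c", user="alice", env={}))
    for line in render(sample_hits()):
        print(line)
    for line in render(sample_hits(), bodyfile=True):
        print(line)
```

Feeding the Bodyfile lines to mactime is then a matter of redirecting them to a file and running `mactime -b <file>`; the human-readable form is what an analyst reads interactively.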

Download files


Files for regrippy, version 1.0.1

Filename                         Size     File type  Python version
regrippy-1.0.1-py3-none-any.whl  25.0 kB  Wheel      py3
regrippy-1.0.1.tar.gz            15.5 kB  Source     None
