A modern Python-3-based alternative to RegRipper

## Project description

RegRippy is a framework for reading and extracting useful forensics data from Windows registry hives. It is an alternative to RegRipper developed in modern Python 3. It makes use of William Ballenthin's python-registry to access the raw registry hives.

The goal of this project is to provide a framework for quickly and easily developing your own plugins in an incident response scenario.

By default, the script will look for the various hives by reading the REG_SYSTEM, REG_SOFTWARE, REG_SAM, REG_NTUSER and REG_USRCLASS environment variables. This allows the analyst to simply export these in their current shell session and not have to worry about specifying them every time they invoke the script. Alternatively, you can use the --root switch to specify the path to the root of the C: drive. RegRippy will automatically look into the right places depending on which hive each plugin needs.

All plugins should also support both a human-readable and machine-readable output (the Bodyfile format), allowing easy piping to mactime or other tools.

## Project details

Uploaded source
Uploaded py3