turbinia

Windows RegRipper job

Open wajihyassine opened this issue 2 years ago • 3 comments

Implement a job that utilizes RegRipper to pull contextual summary information from Windows Registry Hives, useful for many types of investigations.

Please see reference tools below.

wajihyassine avatar Oct 14 '22 20:10 wajihyassine

@wajihyassine sry, but we cannot use RegRipper due to questionable license issues in the past that were never resolved by the author. TL;DR: it has a tainted license.

joachimmetz avatar Oct 14 '22 22:10 joachimmetz

Maybe consider https://github.com/airbus-cert/regrippy as an alternative, or https://github.com/libyal/winreg-kb

joachimmetz avatar Oct 14 '22 22:10 joachimmetz

Ah, good catch, ty Joachim. Used it in a past role where it provided quick summary output; the two you linked seem promising as well. Will adjust initial comment to reference them instead.

wajihyassine avatar Oct 14 '22 22:10 wajihyassine