Forums
Main Category
General (Technical,...
Offline Registry Pa...
 
Notifications
Clear all

Offline Registry Parser - Updated

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by shige 19 years ago
6 Posts
4 Users
0 Reactions
662 Views
RSS
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
Topic starter 07/09/2005 4:18 pm  

All,

I've updated the code to the offline Registry parsing script that I posted.

The script is here
http//www.windows-ir.com/regparse.zip

The code is cleaner, more modular, and there's better documentation. I added in a small tweak to automagically translate the value names under the UserAssist key, as well.

My blog entry on it is here
http//windowsir.blogspot.com/2005/09/updated-offline-registry-parsing.html

The archive contains a JPG image of a PPT slide…in order to get a better handle on things and how one parses through the Registry, I had to diagram it out…that's what the image is - my diagram. There's no explanation attached to it, so if you're interested, let me know and I'll add one…

H. Carvey
"Windows Forensics and Incident Recovery"
http//www.windows-ir.com
http//windowsir.blogspot.com


   
Quote
 GuidoZ
(@guidoz)
Active Member
Joined: 20 years ago
Posts: 9
09/09/2005 9:48 am  

Nice - thanks for the update Harlan. )


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
Topic starter 09/09/2005 4:41 pm  

Guidoz,

Thanks. Should I take that to mean that you've tried it and it worked well for you?

H. Carvey
"Windows Forensics and Incident Recovery"
www.windows-ir.com
windowsir.blogspot.com


   
ReplyQuote
 jsawyer
(@jsawyer)
Eminent Member
Joined: 20 years ago
Posts: 35
10/02/2006 12:03 am  

http//www.windows-ir.com/regparse.zip

The link doesn't work any more. Is the tool no longer available?


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
Topic starter 10/02/2006 2:33 am  

I took it down b/c no one seemed interested.

I've posted the script in the Windows Forensic Analysis Yahoo Group.

Harlan


   
ReplyQuote
shige
 shige
(@shige)
Active Member
Joined: 20 years ago
Posts: 6
10/02/2006 6:07 am  

I write first time from Japan

I want to get "Offline Registry Parser".
What shoud I do ?

Let me know please.

Thanks. D


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: