I've posted the current iteration of RegRipper v.2.0A basic edition to SourceForge
http//
It's in the file named "rr-040708.zip", under "Windows Forensic Analysis".
The package includes the RegRipper source and EXE (needs the DLL), an FAQ, a whitepaper, a list of the current plugins, etc.
Thanks,
h
Nice one Harlan.
Look forward to running it soon.
Very nice keydet!
I downloaded this the other day and gave it a try... easy to use and well organized. I can't wait for the updated version.
I also like how it's organized, very helpful if you need to use parts of it for reporting.
Thanks for the great tool.
Rong
Rong,
Thanks. As far as an "updated version", that's really more dependent upon feedback received.
Not used it for a real case or anything but did check it out on one of my machines.
Thought it was nice and simple, easy to use and worked a charm. Such a simple idea, I'm surprised nobody thought of it earlier. I guess all it needs now is for everyone to code Perl in order to expand its usage for other keys.
One thing that I must ask though, where do you find the time in between cases, writing books, blogs, etc to code software???
Minesh
Harlan,
Great job! It's very fast and easy to use. I ran it against a test case I have and, while I haven't verified everything in your application's report by manually looking, the few I selected were accurate.
This will be a real time saver.
Thanks for all your contributions!
Jon
Hey Jon, your coordinates point to a dark car. Is that yours? Are you in it? Hope it's not your office!
😉
> Hey Jon, your coordinates point to a dark car. Is that yours? Are you in it? Hope it's not your office!
> 😉
Yep…I'm wardriving :D
Just kidding
Nice one lol
> Not used it for a real case or anything but did check it out on one of my machines.
Too bad…and I hear that a lot. I use it on 'real cases' all the time…in fact, that's why I wrote it.
> Thought it was nice and simple, easy to use and worked a charm. Such a simple idea, I'm surprised nobody thought of it earlier.
I asked myself that same question, and I think it's got to do with the fact that most folks who write forensics apps, do not themselves *do* forensic analysis. Remember, I originally started writing this to meet my own needs…
> I guess all it needs now is for everyone to code Perl in order to expand its usage for other keys.
Not really. All it really takes is the ability to think/communicate concisely and clearly. For example, I just had someone ask me for a plugin for a particular key, and I verified the path with them…twice. I sent them to the plugin to try…and it wasn't the right path; there's a difference between "Windows\CurrentVersion" and "Windows NT\CurrentVersion". =)
> One thing that I must ask though, where do you find the time in between cases, writing books, blogs, etc to code software???
My blog isn't updated daily, and my last book was released in Dec 2007…what else am I supposed to do? =)
h