All,
I've released the current version of RipXP, a tool for running RegRipper plugins not only against Registry hives, but also across the corresponding hives located in XP System Restore Points.
To download the tool, go to RegRipper.net, in the Downloads section. Please read the included instructions with respect to how to install and employ ripXP.
Thanks!
wow, cool, thnx for the tool )
Looks great. Just downloaded it and added the path to environment variables and it fired right up. Just need a case to experiment on . Any plans to add a GUI like RR?
Free tools like this are great, and it's certainly fast compared to doing this in the FTK GUI, although now I have my standard reports set, I can just let the pre-processor do most of that for me. Before that, I had an in-house tool that ripped in much the same fashion to a nicely formatted report in much the same way your tool does.
Are you planning on being able to rip hives from the Vista Shadow File at all?
> Any plans to add a GUI like RR?
Yes, I'm updating the entire RR toolset, to include a GUI for RipXP.
> Are you planning on being able to rip hives from the Vista Shadow File at all?
I'm not sure what you mean by that…if you mount the shadow file as a drive letter, you can access the hive files, and there's no binary difference between those and the hive files from XP (as opposed to the binary difference in, say, Event Logs).
I meant automated, rather than having to manually mount each shadow file, interrogate it, unmount and move on.
I meant automated, rather than having to manually mount each shadow file, interrogate it, unmount and move on.
Sounds like a great idea…let me know when you find out how to do that, and I'll be happy to incorporate that into this tool, as well as others.
h
Nice Harlan, very nice -)
Thank you.