Daily Blog #640: Regipy - A new python windows registry forensics library

Hello Reader,

As I was talking about in #638, I believe automation in DFIR is a big part of our future: automating the extraction and basic correlation of data so that a human can use their brain on what's left. As we work towards that, I'm always looking for new libraries that can support the effort, especially lately if they are written in Python.

So I was happy to see that Martin Korman (who writes the DFIR Dudes blog with Hada Yudovich, the winner of the 2018 Defcon DFIR CTF) put out a new Python library for parsing Windows registry hives.

Read the blog here:

See the code here:

What's interesting is that Martin has taken a lot of the registry parsing and transaction log handling we've seen in YARP and added the ability to write simple plugins that automatically parse the data it extracts.

I haven't had a chance to compare the library or its output to any other, but I'm always happy to see more options out there. If nothing else, take a look at the code to get an idea of how to handle these kinds of data structures in Python.
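As an added illustration of the structures such a library has to deal with (this is not Regipy's or YARP's code, and not from the original post): a minimal pure-Python reader for the REGF base block and the root key node, including the sequence-number check that tells a parser whether the hive is dirty and its transaction logs still need to be replayed. The hive it parses is constructed inside the block rather than read from a real file.

```python
import struct

HEADER_SIZE = 4096
KEY_COMP_NAME = 0x20  # nk flag: key name is a single-byte string rather than UTF-16LE

def regf_checksum(block: bytes) -> int:
    """XOR of the first 508 bytes as uint32 words (the 0/0xFFFFFFFF special cases are ignored)."""
    checksum = 0
    for (word,) in struct.iter_unpack("<I", block[:508]):
        checksum ^= word
    return checksum

def parse_base_block(data: bytes) -> dict:
    """Read the 4096-byte base block. A sequence-number mismatch means the hive is dirty:
    its transaction logs (.LOG1/.LOG2) must be replayed before its contents are trusted."""
    if data[:4] != b"regf":
        raise ValueError("not a REGF hive")
    seq1, seq2, major, minor, root_off, bins_size = struct.unpack_from("<II8xII8xII", data, 4)
    return {"dirty": seq1 != seq2, "version": (major, minor), "root_cell_offset": root_off,
            "bins_size": bins_size,
            "checksum_ok": struct.unpack_from("<I", data, 508)[0] == regf_checksum(data)}

def parse_nk(data: bytes, cell_offset: int) -> dict:
    """Parse a key node cell; cell_offset is relative to the hive bins data (file offset 4096)."""
    off = HEADER_SIZE + cell_offset
    if struct.unpack_from("<i", data, off)[0] >= 0:  # allocated cells carry a negative size
        raise ValueError("cell is not allocated")
    body = off + 4
    if data[body:body + 2] != b"nk":
        raise ValueError("not an nk cell")
    # flags @2, subkey count @20, value count @36, key name length @72 (fixed 76-byte header)
    flags, n_subkeys, n_values, name_len = struct.unpack_from("<H16xI12xI32xH", data, body + 2)
    raw = data[body + 76:body + 76 + name_len]
    name = raw.decode("latin-1") if flags & KEY_COMP_NAME else raw.decode("utf-16-le")
    return {"name": name, "subkeys": n_subkeys, "values": n_values}

def build_sample_hive(dirty: bool = False) -> bytes:
    """Constructed test input (not a real hive): base block + one hbin holding the root nk."""
    name = b"CMI-CreateHive{SAMPLE}"
    nk = bytearray(b"nk") + bytes(74) + name
    struct.pack_into("<H", nk, 2, 0x2C)  # KEY_COMP_NAME | KEY_NO_DELETE | KEY_HIVE_ENTRY
    struct.pack_into("<I", nk, 20, 3)    # claims three subkeys
    struct.pack_into("<H", nk, 72, len(name))
    size = -((4 + len(nk) + 7) // 8 * 8)  # cells are 8-byte aligned; negative = allocated
    hbin = bytearray(b"hbin") + bytes(28) + struct.pack("<i", size) + bytes(nk)
    struct.pack_into("<I", hbin, 8, 4096)  # this bin's size
    hdr = bytearray(b"regf") + bytes(HEADER_SIZE - 4)
    struct.pack_into("<IIQII8xII", hdr, 4, 7, 6 if dirty else 7, 0, 1, 5, 32, 4096)
    struct.pack_into("<I", hdr, 508, regf_checksum(hdr))
    return bytes(hdr) + bytes(hbin).ljust(4096, b"\0")
```

On a real hive, a `dirty` result is the cue to apply the .LOG1/.LOG2 transaction logs (as YARP and Regipy do) before reading keys, and a failed checksum is a sign the base block itself was not written cleanly.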
Reviewed by David Cowen on March 07, 2019
