Daily Blog #640: Regipy - A New Python Windows Registry Forensics Library

Daily Blog #640: Regipy - A New Python Windows Registry Forensics Library

Hello Reader,
        As I was talking about in #638 I believe automation in DFIR is a big part of our future. With the idea of automating the extraction and basic correlation of data so that a human can use their brain. As we work towards that I'm always looking for new libraries that can support that effort, especially lately if they are written in Python.

So I was happy to see that Martin Korman (who writes the DFIR Dudes blog with Hada Yudovich the winner of the 2018 Defcon DFIR CTF) put out a new python library for parsing Windows Registries.

Read the blog here:
https://medium.com/dfir-dudes/regipy-automating-registry-forensics-with-python-b170a1e2b474

See the code here:
https://github.com/mkorman90/regipy

What's interesting is that Martin has taken alot of the registry parsing and transaction log handling we've seen in YARP and added on the ability for creating simple plugins to automatically parse the data it extracts.

I haven't had a chance to compare the library or its output to any other, but I'm always happy to see more options out there. If nothing else take a look at the code to get an idea of how to handle these kinds of data structures in Python. 

Also Read: Daily Blog #639

Post a Comment