OTE
0 (0)
A powerful OSINT tool for creating custom templates for data extraction and analysis
With the GUI (rr.exe), you no longer have to select a profile; instead, select the hive to parse, and the output directory and the GUI will automatically run all applicable plugins against the hive. This capability is included in rip.exe, as well, via the -a switch. As an alternative, you can use the -aT switch to run all hive-specific TLN plugins against the hive. The ability to run individual plugins, as well as profiles, has been retained. Date Format - There was a GitHub issue posted, asking that the date format be changed to be IAW ISO 8601. However, the actual format provided as part of the issue/request was IAW the RFC 3339 profile (i.e., space between the date and time). NOTE This tool does NOT automatically process hive transaction logs. If you need to incorporate data from hive transaction logs into your analysis, consider merging the data via Maxim Suhanov's yarp + registryFlush.py, or via Eric Zimmerman's rla.exe which is included in Eric's Registry Explorer/RECmd. The following Perl module files have been modified.
A powerful OSINT tool for creating custom templates for data extraction and analysis
Hoarder is a tool to collect and parse windows artifacts.
Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
Tool for parsing Android logs events and protobuf data