RegRippy

Free

RegRippy is a framework for reading and extracting useful forensics data from Windows registry hives, developed in modern Python 3 as an alternative to RegRipper. It uses William Ballenthin's python-registry to access the raw registry hives and aims to provide a framework for developing plugins in an incident response scenario.

ALTERNATIVES

A script to assist in creating templates for VirtualBox to enhance VM detection evasion.

Toolkit for performing acquisitions on iOS devices with logical and filesystem acquisition support.

A library for working with Windows NT data types, providing access and manipulation functions.

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

A portable volatile memory acquisition tool for Linux.

A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
