With the help of this tool users can extract and analyze information from the system registry. There are custom Perl scripts for fetching frequently needed data.
RegRipper
RegRipper is a Windows utility oriented toward professional forensic investigators and incident responders. It allows you to extract specific information from the system registry by running custom Perl scripts. Both command-line and graphical user interfaces are available.
Main purpose
This application offers tools for scanning the Windows registry to produce forensic evidence suitable for official court filings. It works by parsing registry data with Perl scripts to fetch the required information.
You can use RegRipper in conjunction with other forensic tools such as FTK Imager and EnCase to collect personal data from desktop or laptop computers.
Parsing process
After starting the program, users are prompted to select the hive file to analyze. It is also necessary to specify the path to the report file, which is generated automatically when the scan finishes.
The Rip button begins the operation. The source file is checked against all existing Perl scripts to identify and collect relevant information. You can view the results in the console window or save them in plain text format.
Features
- free to download and use;
- contains tools for fetching forensic data from the system registry;
- it is possible to compare source information against multiple custom Perl scripts;
- you can export detailed analysis results to a plain text file;
- compatible with all modern versions of Windows.