Harlan submitted 4 new plugins, now included in the most current download (RegRipper030911.zip) on the download page. The plugins in brief are;
There are few resources of forensic software, used by pretty much every examiner on the planet, that you can get for free, which is also constantly updated by users of RegRipper and Harlan. Although I said mentioned that RegRipper is “free“, it really isn’t totally free, as if users of RegRipper can contribute anything, no matter how little, it will benefit everyone that uses the program. Whether by writing plugins (or suggesting a plugin to be written), giving feedback on using RegRipper, sending sample hives, or just sending a simple ‘thank you’ helps to keep RegRipper going. As to how many examiners use RegRipper…I’ve not met a person that hasn’t used it and not have it benefit a case.
轉自Regripper
notify.pl – updated output format to sort entries based on LastWrite time
Within the zipped RegRipper folder, these new plugins are located under RegRipper030911 > Additional Plugins > Harlan Carveyrenocide.pl -Plugin to assist in the detection of malware per MMPC
init_dlls.pl – Plugin to assist in the detection of malware per Mark Russinovich’s blog post
samparse.pl - Parse the SAM hive file for user/group membership info
There are few resources of forensic software, used by pretty much every examiner on the planet, that you can get for free, which is also constantly updated by users of RegRipper and Harlan. Although I said mentioned that RegRipper is “free“, it really isn’t totally free, as if users of RegRipper can contribute anything, no matter how little, it will benefit everyone that uses the program. Whether by writing plugins (or suggesting a plugin to be written), giving feedback on using RegRipper, sending sample hives, or just sending a simple ‘thank you’ helps to keep RegRipper going. As to how many examiners use RegRipper…I’ve not met a person that hasn’t used it and not have it benefit a case.
轉自Regripper
發表文章
0 意見: