Autopsy-Registry-Explorer

Autopsy Module to analyze Registry Hives based on bookmarks provided by EricZimmerman for his tool RegistryExplorer

Specification

Tested Autopsy version: 4.18.0+
OS's supported on: Windows
License: GNU General Public License Version 3

Features

Analyse Registry hives based on bookmarks provided by EricZimmerman
Ability to analyze registry hives independently without the need to load a full disk image
Categorize Keys according to their usage
Transaction logs analysis and determine wether the Registry Hive is dirty or not.

Screenshot

Installation

git clone https://github.com/0xMohammed/Autopsy-Registry-Explorer.git
copy Module folder to 'C:\Users\{Username}\AppData\Roaming\autopsy\python_modules'

Refrences

Autopsy discussion group
Transaction logs analysis
Sleuthkit API Reference
Python Registry Parser

Name		Name	Last commit message	Last commit date
Latest commit History 46 Commits
Common		Common
README.md		README.md
Registry_Explorer.py		Registry_Explorer.py
Registry_Explorer_License.txt		Registry_Explorer_License.txt
regparser.exe		regparser.exe
regparser.py		regparser.py
rla.exe		rla.exe
screenshot.png		screenshot.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Common

Common

README.md

README.md

Registry_Explorer.py

Registry_Explorer.py

Registry_Explorer_License.txt

Registry_Explorer_License.txt

regparser.exe

regparser.exe

regparser.py

regparser.py

rla.exe

rla.exe

screenshot.png

screenshot.png

Repository files navigation

Autopsy-Registry-Explorer

Specification

Features

Screenshot

Installation

Refrences

About

Releases

Packages

Languages

License

0xHasanM/Autopsy-Registry-Explorer

Folders and files

Latest commit

History

Repository files navigation

Autopsy-Registry-Explorer

Specification

Features

Screenshot

Installation

Refrences

About

Resources

License

Stars

Watchers

Forks

Languages