CAINE 1.5 Installed... WINE and RegRipper

“The RegRipper is an open-source application for extracting, correlating, and displaying specific information from Registry hive files from the Windows NT (2000, XP, 2003, Vista) family of operating systems.”

Copy the “Hive” files to your “/evidence/config” directory

1. Open a terminal window
2. Become the root user
a. Type: sudo su

3. Maneuver to the /evidence directory and create a subdirectory named config
a. Type: cd /evidence
b. Type: mkdir config

4. Mount your image file
a. See “CAINE 1.5 Installed and MMLS to mount NTFS image file” for more information on how to do this

5. Copy the “Hive” files from the image to the /evidence/config directory
a. cp /media/evidence/WINDOWS/system32/config/* /evidence/config/

6. Change the permissions on the copied files to allow the mitec program to access them
a. chmod 666 /evidence/config/*

Downloading and Installing Regripper

1. Open a browser and go to www.regripper.net
2. Download the “rr_20080909.zip” application
3. Save the rr_20080909.zip file to your desktop
4. Double Click the rr_20080909.zip file
5. Select Edit.. Select All
6. Click the “Extract” button and Type “/home/{username}/.wine/drive_c/Program Files/regripper” in the “Location” textbox.
7. Click the “Extract” button

Using the Regripper

1. Select “Menu… Wine… Browse C:\ Drive”
2. Double Click “Program Files”… “regripper”
3. Right Click the “regripper” icon and Select “Open with Wine Windows Program Loader”
4. Click the Hive File “Browse” button
5. Select /evidence/config/{some hive file}
6. Click the Report File “Browse” button
7. Type {hive file name from step 5}.txt
8. Select the Plug-in File related to the Hive file
9. Click the “Rip It” button

Manuever to /evidence/config to read the output file!

joetekno wrote:“The RegRipper is an open-source application for extracting, correlating, and displaying specific information from Registry hive files from the Windows NT (2000, XP, 2003, Vista) family of operating systems.”

Copy the “Hive” files to your “/evidence/config” directory

1. Open a terminal window
2. Become the root user
a. Type: sudo su

3. Maneuver to the /evidence directory and create a subdirectory named config
a. Type: cd /evidence
b. Type: mkdir config

4. Mount your image file
a. See “CAINE 1.5 Installed and MMLS to mount NTFS image file” for more information on how to do this

5. Copy the “Hive” files from the image to the /evidence/config directory
a. cp /media/evidence/WINDOWS/system32/config/* /evidence/config/

6. Change the permissions on the copied files to allow the mitec program to access them
a. chmod 666 /evidence/config/*

Downloading and Installing Regripper

1. Open a browser and go to www.regripper.net
2. Download the “rr_20080909.zip” application
3. Save the rr_20080909.zip file to your desktop
4. Double Click the rr_20080909.zip file
5. Select Edit.. Select All
6. Click the “Extract” button and Type “/home/{username}/.wine/drive_c/Program Files/regripper” in the “Location” textbox.
7. Click the “Extract” button

Using the Regripper

1. Select “Menu… Wine… Browse C:\ Drive”
2. Double Click “Program Files”… “regripper”
3. Right Click the “regripper” icon and Select “Open with Wine Windows Program Loader”
4. Click the Hive File “Browse” button
5. Select /evidence/config/{some hive file}
6. Click the Report File “Browse” button
7. Type {hive file name from step 5}.txt
8. Select the Plug-in File related to the Hive file
9. Click the “Rip It” button

Manuever to /evidence/config to read the output file!

Hi, I read your post and found it interesting. so I decided to install the regripper but ...
When I go to the address that is specified in the post (www.regripper.net) I see that the page is no longer available because it shows a page not related to the above software
How can I fix this problem?
Thanks in advance and happy holidays.