Home
Latest images
Search
Register
Log inUbuntu / CAINE Registry Analysis
4 posters
Page 1 of 1
Ubuntu / CAINE Registry Analysis
joetekno Fri Apr 10, 2009 2:39 am
I'm wondering what others are using for analyzing the Windows registry files with Ubuntu and/or CAINE.
I have installed Wine and am currently using Mitec's Windows Registry Recovery program. It has a nice GUI and is similar to using regedit. It is free to use for both private and commercial users and can be found here: http://www.mitec.cz/wrr.html
Regards,
Joe
I have installed Wine and am currently using Mitec's Windows Registry Recovery program. It has a nice GUI and is similar to using regedit. It is free to use for both private and commercial users and can be found here: http://www.mitec.cz/wrr.html
Regards,
Joe
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
RegRipper
slo.sleuth Fri Apr 10, 2009 9:11 pm
Hi Joe,
I too have used WRR by MiTeC in Linux under WINE. Another tool I've used is RegRipper by Harlan Carvey. It is written in PERL, but doesn't run well under Linux in my experience. That said, it is a good analysis tool if you have a Windows box on which to run it.
I just read a blog where Harlan commented that he didn't make it portable to Linux because he didn't know anyone would want to run it on that platform. Maybe he'll address this in the future.
John
I too have used WRR by MiTeC in Linux under WINE. Another tool I've used is RegRipper by Harlan Carvey. It is written in PERL, but doesn't run well under Linux in my experience. That said, it is a good analysis tool if you have a Windows box on which to run it.
I just read a blog where Harlan commented that he didn't make it portable to Linux because he didn't know anyone would want to run it on that platform. Maybe he'll address this in the future.
John
Last edited by slo.sleuth on Fri Apr 10, 2009 9:27 pm; edited 1 time in total
slo.sleuth- Number of posts : 43
Registration date : 2009-03-31 -
RegRipper for Linux
slo.sleuth Fri Apr 10, 2009 9:27 pm
Well, a little more poking around, and I found someone who ported RegRipper to Linux here. The page is in Italian, but there is a translation link in the upper right pane. Thanks to Snip for making it available.
The link to the download is at the bottom of the blog entry.
John
The link to the download is at the bottom of the blog entry.
John
slo.sleuth- Number of posts : 43
Registration date : 2009-03-31 -
RegRipper / Harlan Carvey
joetekno Tue Apr 14, 2009 1:45 am
John,
Thanks for your reply, I'll take a look at RegRipper this week. My forensic workstations have multiple drives using Windows and Linux. I regularly use LiveView and it is a Windows only tool. It's just nice not to have to reboot if you don't have to and to have an additional tool available to verify findings. I have used other tools Harlan Carvey has created in the past - most notably KeyTime. Thanks again.
Regards,
Joe
Thanks for your reply, I'll take a look at RegRipper this week. My forensic workstations have multiple drives using Windows and Linux. I regularly use LiveView and it is a Windows only tool. It's just nice not to have to reboot if you don't have to and to have an additional tool available to verify findings. I have used other tools Harlan Carvey has created in the past - most notably KeyTime. Thanks again.
Regards,
Joe
joetekno- Number of posts : 50
Località : Wisconsin, United States
Registration date : 2009-02-19 -
Registry Ripper
echozulu1 Thu May 13, 2010 5:11 pm
I use Registry Ripper regularly during forensic examinations of the registry.
It works well and produces quick results.
I recommend reading Harlan Carveys book - Windows Forensic Analysis (very good) and porvides good explanations as to what the script produces and explanation as to what some of it means.
Mitec is good for verifying results.
I have access to EnCase Forensic Edition so am able to use that to examine the registry also.
I tried to download the linux port but the link on rapidshare no longer works.
I also recommend visiting http://www.woanware.co.uk/.
Some very good scripts located on this website for forensic examination- including the registry.
EZ1
It works well and produces quick results.
I recommend reading Harlan Carveys book - Windows Forensic Analysis (very good) and porvides good explanations as to what the script produces and explanation as to what some of it means.
Mitec is good for verifying results.
I have access to EnCase Forensic Edition so am able to use that to examine the registry also.
I tried to download the linux port but the link on rapidshare no longer works.
I also recommend visiting http://www.woanware.co.uk/.
Some very good scripts located on this website for forensic examination- including the registry.
EZ1
echozulu1- Number of posts : 1
Località : Wales,Uk
Registration date : 2010-04-29
RR
imsully Tue Jun 01, 2010 5:24 am
I also use RegRipper. Looking forward to trying the linux port (hopefully link is not broken as a previous poster noted). I have not read all of Harvey's book yet but I frequently look items up in it and highly recommend it as a reference. RegRipper allows for a quick glance at things that you can then verify by more thorough examination (it has always proven correct for me though).
Sully
Sully
imsully- Number of posts : 1
Registration date : 2010-06-01
Similar topics» Problema caine from deb su ubuntu 10.04
» CAINE 2.0 - Installazione su ubuntu 10.04 kernel 2.6.32.21
» What is the timeline for a new CAINE based on Ubuntu 12.04?
» CAINE / Ubuntu (Recovery Mode) Italian Keyboard Issue
» CAINE 1.5 Installed... WINE and Windows Registry Recovery
» CAINE 2.0 - Installazione su ubuntu 10.04 kernel 2.6.32.21
» What is the timeline for a new CAINE based on Ubuntu 12.04?
» CAINE / Ubuntu (Recovery Mode) Italian Keyboard Issue
» CAINE 1.5 Installed... WINE and Windows Registry Recovery
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum