Autopsy RegistryExplorer plugin

Autopsy plugin to analyze registry hives

Posted by 0xMohammed on February 07, 2022 · 1 min read


Autopsy Module to analyze Registry Hives based on bookmarks provided by EricZimmerman for his tool RegistryExplorer


  • Tested Autopsy version: 4.18.0+
  • OS’s supported on: Windows
  • License: GNU General Public License Version 3


  1. Analyse Registry hives based on bookmarks provided by EricZimmerman
  2. Ability to analyze registry hives independently without the need to load a full disk image
  3. Categorize Keys according to their usage
  4. Transaction logs analysis and determine wether the Registry Hive is dirty or not.


Hash-Extension-Bruter Usage


  1. git clone
  2. copy Module folder to 'C:\Users\{Username}\AppData\Roaming\autopsy\python_modules'


Autopsy discussion group
Transaction logs analysis
Sleuthkit API Reference
Python Registry Parser