Autopsy RegistryExplorer plugin

Autopsy plugin to analyze registry hives

Posted by 0xMohammed on February 07, 2022 · 1 min read

Autopsy-Registry-Explorer

Autopsy Module to analyze Registry Hives based on bookmarks provided by EricZimmerman for his tool RegistryExplorer

Specification

  • Tested Autopsy version: 4.18.0+
  • Supported OS: Windows
  • License: GNU General Public License Version 3

Features

  1. Analyze Registry hives based on bookmarks provided by EricZimmerman
  2. Analyze registry hives independently, without needing to load a full disk image
  3. Categorize keys according to their usage
  4. Analyze transaction logs and determine whether the Registry hive is dirty or not
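As an added illustration of feature 4 (this is example code, not part of the plugin): a standalone Python check of a hive's REGF base block. A hive is dirty when its primary and secondary sequence numbers differ, which means the last write was not fully flushed and the .LOG1/.LOG2 transaction logs should be replayed before analysis. The sample header is constructed in the script (`make_sample_hive`); it is not a real hive.

```python
# Added example: dirty-hive detection from the REGF base block.
# The header checksum is the XOR of the first 127 little-endian DWORDs
# (bytes 0..507) and is stored at offset 508.
import struct

BASE_BLOCK_SIZE = 4096


def regf_checksum(block):
    """XOR-32 over bytes 0..507, with the edge values Windows special-cases."""
    checksum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        checksum ^= dword
    if checksum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if checksum == 0:
        return 1
    return checksum


def parse_base_block(block):
    """Return the header fields that matter for deciding whether to replay logs."""
    if len(block) < BASE_BLOCK_SIZE or block[:4] != b"regf":
        raise ValueError("not a REGF base block")
    seq1, seq2 = struct.unpack_from("<II", block, 4)
    file_type = struct.unpack_from("<I", block, 0x1C)[0]
    stored_checksum = struct.unpack_from("<I", block, 508)[0]
    return {
        "primary_seq": seq1,
        "secondary_seq": seq2,
        "file_type": file_type,  # 0 = primary hive file, 1 = transaction log
        "checksum_ok": stored_checksum == regf_checksum(block),
        "dirty": seq1 != seq2,  # sequence numbers only match after a complete flush
    }


def make_sample_hive(seq1, seq2):
    """Constructed test header (not a real hive): only the fields read above are set."""
    block = bytearray(BASE_BLOCK_SIZE)
    struct.pack_into("<4sII", block, 0, b"regf", seq1, seq2)
    struct.pack_into("<IIII", block, 0x14, 1, 5, 0, 1)  # major, minor, file type, format
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for label, hive in (("clean", make_sample_hive(7, 7)), ("dirty", make_sample_hive(8, 7))):
        print(label, parse_base_block(hive))
```

On a real hive, read the first 4096 bytes of the file and pass them to `parse_base_block`; a `dirty` result is the signal that the module's transaction-log analysis is needed before trusting the hive's contents.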

Screenshot

(screenshot image not reproduced on this page)

Installation

  1. git clone https://github.com/0xMohammed/Autopsy-Registry-Explorer.git
  2. Copy the Module folder to 'C:\Users\{Username}\AppData\Roaming\autopsy\python_modules'

References

Autopsy discussion group
Transaction logs analysis
Sleuthkit API Reference
Python Registry Parser