RegParser (rp) is a python wrapper script for python-registry framework.

RegParser (rp) is a python wrapper script for the python-registry framework (@williballenthin [FireEye]). This command-line utility is designed to slightly extend and facilitate the framework’s capabilities. In general it is used to parse offline Windows registry hives during malware hunting or forensic investigations.

It comes with following major features:
– Search for a registry key, value name or value data by patterns given as a comma-separated list of strings, regex strings or UTF-8 hex binary strings
– Search for value data by its size, specified by operators such as range, equality or inequality
– Search for registry keys modified at a given date and time, specified by a regex string pattern, a range, or inequality operators
– Query registry keys or values (including partial wildcard support)
– Enumerate and display hidden keys and values
– Hash registry value content
– Detect hive type
– Export results to .REG format (simplifies malware analysis/infection reproduction based on file-less registry load points)
– Export results to SQLite (used by regparser for the plugins’ baseline)
– Export results to CSV or stdout
– Customize output data (21 different format fields)
– Easy plugin implementation and support, with built-in plugins such as “autoruns” and “services”
– Plugin baseline support
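To make the search features above concrete, here is an added example (not rp’s own code, and not its real option syntax) that applies the same three filters, pattern matching on value data, a size operator and a key modification time, to a small set of constructed registry values and hashes each hit. The `hex:` and `re:` prefixes, the `RegValue` record and the sample data are assumptions for illustration; on a real hive the records would come from python-registry’s `Registry.Registry(path)` key/value walk.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime


@dataclass
class RegValue:
    """One registry value as a forensic tool would surface it (constructed, not python-registry's type)."""
    key_path: str
    name: str
    data: bytes
    key_mtime: datetime  # last-write timestamp of the parent key


def match_pattern(pattern: str, data: bytes) -> bool:
    """One comma-separated pattern item: 'hex:' = raw bytes, 're:' = regex, else literal substring (assumed syntax)."""
    if pattern.startswith("hex:"):
        return bytes.fromhex(pattern[4:]) in data
    text = data.decode("utf-8", errors="replace")
    if pattern.startswith("re:"):
        return re.search(pattern[3:], text) is not None
    return pattern in text


def match_size(spec: str, size: int) -> bool:
    """Size operators: 'N-M' inclusive range, or '>N', '<N', '=N'."""
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-", 1))
        return lo <= size <= hi
    op, num = spec[0], int(spec[1:])
    return {">": size > num, "<": size < num, "=": size == num}[op]


def search(values, patterns=None, size=None, modified_after=None):
    """Return (key_path, value_name, sha256_of_data) for every value passing all given filters."""
    hits = []
    for v in values:
        if patterns and not any(match_pattern(p, v.data) for p in patterns.split(",")):
            continue
        if size and not match_size(size, len(v.data)):
            continue
        if modified_after and v.key_mtime < modified_after:
            continue
        hits.append((v.key_path, v.name, hashlib.sha256(v.data).hexdigest()))
    return hits


RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [  # constructed sample values: two Run entries and one binary blob
    RegValue(RUN, "OneDrive", rb"C:\Users\x\AppData\Local\Microsoft\OneDrive\OneDrive.exe", datetime(2023, 1, 5)),
    RegValue(RUN, "Updater", rb"wscript.exe C:\Temp\update.vbs", datetime(2024, 3, 9)),
    RegValue(r"Software\Classes\CLSID\{constructed}", "blob", bytes.fromhex("4d5a9000"), datetime(2024, 3, 9)),
]
```

Combining filters narrows a hunt the same way rp’s options do, e.g. `search(SAMPLE, patterns="re:wscript|cscript", modified_after=datetime(2024, 1, 1))` isolates the script-based load point.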

RegParser – 0.5.0 [BETA]

Requirements:
+ Python 3.6.1 Framework
+ Operating system: Windows, Linux, MacOS
+ python-registry module (1.2.0 at least)

Use and Download:

Source: https://github.com/wit0k