Adrian Leong (http://cheeky4n6monkey.blogspot.com) submitted a neat plugin for CCleaner information. Very nice Adrian and thanks for sharing!
And don’t forget to check out Adrian’s blog.
As a reminder, there are two sites for RegRipper pluggins, both links are below.
Harlan’s Original Code and supporting information http://code.google.com/p/winforensicaanalysis/
Supplemental plugins submitted by RR users http://code.google.com/p/regripperplugins/
Brad Reninger wrote a new plugin that has been incorporated in the latest supplemental plugin zip file. (http://code.google.com/p/regripperplugins/).
Thanks Brad!
NEW PLUGIN by Corey Harrell: filesnottosnapshot.pl that extracts from SYSTEM registry files and folders not backed up in Volume Shadow Copies. This is included in the latest RR download (http://code.google.com/p/regripperplugins/).
On the supplemental RegRipper plugin site, a new page has been created (http://code.google.com/p/regripperplugins/wiki/History). For any plugin writers that would like to maintain a revision history of their plugin, you have full access to the Google Code site to do so. That includes uploading new/updated plugins and wiki access. If you want access, send me an email – bshavers (at) gmail (dot) com. You’ll need a Gmail email account because it is Google Code…and yes, I don’t agree with Google’s privacy policy either…
There have been continual updates in plugin rewrites, new plugins, and Harlan’s newest WFA/3 supporting files available online. As a reminder, both links are below.
http://code.google.com/p/winforensicaanalysis/
http://code.google.com/p/regripperplugins/
And as another reminder, if you have written a plugin…share it. We would all like to not only share in your labor, but also help test the plugins to ensure it works.
Taking some great suggestions to keep track of submitted plugins, as well as to keep track of each plugin version, supplemental plugins are now being hosted on Google Code at:
http://code.google.com/p/regripperplugins/
If you have written a plugin or have one to submit, send me an email and I’ll give you access to the site to upload and maintain your plugin. Anyone can download freely, but access to upload is available only to those that have written/are writing plugins.
Its a work in progress (isn’t everything?) but as an added supplement to Harlan’s work, this is probably the best method of having plugins immediately available as they can be directly uploaded by the plugin writers.
So, if you’ve already written a plugin and want access, send me an email and I’ll give you access to the site.
Brett
After a few suggestions to make downloads easier for the additional RegRipper plugins, you can go directly to a Google Code site at:
http://code.google.com/p/regripperplugins/
Now, if you have written a plugin (or dozens), you can have access to uploading and maintaining your plugin directly. This will allow for the fastest distribution of plugins with a great version control system. Send me an email if you want access now to upload your plugin/s, otherwise, let me know when you need to upload a plugin and I’ll set you up with access.
This is an additional resource of RegRipper of submitted plugins beyond Harlan’s original set, which is located here:
http://code.google.com/p/winforensicaanalysis/
Hopefully, this setup will work out best to get the plugins out there and accessible.
This newly submitted plugin from Cameron is a modified version of Harlan’s officedocs module to work with Office 2010 MRU entries (Word, Excel, Access, and PowerPoint). Thanks to Cameron!
And thanks to Francesco Picasso for sending in his updated plugins.
 | Harlan Carvey on Download update |
 | keydet89 on Download update |
 | s8t8s on Download update |
 | fpika on From Cameron Howell and France… |
Windows IR WinFE SANS Forensic Focus
